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Copyright 

Copyright © 2002 by ZyXEL Communications Corporation. 

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a 
retrieval system, translated into any language, or transmitted in any form or by any means, electronic, 
mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written 
permission of ZyXEL Communications Corporation. 

Published by ZyXEL Communications Corporation. All rights reserved. 

Disclaimer 

ZyXEL does not assume any liability arising out of the application or use of any products, or software 
described herein. Neither does it convey any license under its patent rights nor the patent rights of others. 
ZyXEL further reserves the right to make changes in any products described herein without notice. This 
publication is subject to change without notice. 

Trademarks 

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. 
Other trademarks mentioned in this publication are used for identification purposes only and may be 
properties of their respective owners. 
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Federal Communications Commission (FCC) 

Interference Statement 

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: 

• This device may not cause harmful interference. 

• This device must accept any interference received, including interference that may cause undesired 
operations. 

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to 
Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful 
interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency 
energy, and if not installed and used in accordance with the instructions, may cause harmful interference to 
radio communications. 

If this equipment does cause harmful interference to radio/television reception, which can be determined by 
turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of 
the following measures: 

1. Reorient or relocate the receiving antenna. 

2. Increase the separation between the equipment and the receiver. 

3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. 

4. Consult the dealer or an experienced radio/TV technician for help. 
Notice 

Changes or modifications not expressly approved by the party responsible for compliance could void the 
user's authority to operate the equipment. 

Certifications 

Refer to the product page at www.zyxel.com . 
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Information for Canadian Users 

The Industry Canada label identifies certified equipment. This certification means that the equipment meets 
certain telecommunications network protective operation and safety requirements. The Industry Canada label 
does not guarantee that the equipment will operate to a user's satisfaction. 

Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of 
the local telecommunications company. The equipment must also be installed using an acceptable method of 
connection. In some cases, the company's inside wiring associated with a single line individual service may 
be extended by means of a certified connector assembly. The customer should be aware that compliance with 
the above conditions may not prevent degradation of service in some situations. 

Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by 
the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may 
give the telecommunications company cause to request the user to disconnect the equipment. 

For their own protection, users should ensure that the electrical ground connections of the power utility, 
telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution 
may be particularly important in rural areas. 

Caution 

Users should not attempt to make such connections themselves, but should contact the appropriate electrical 
inspection authority, or electrician, as appropriate. 

Note 

This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set 
out in the radio interference regulations of Industry Canada. 
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Declaration of Conformity 

We, the Manufacturer/Importer, 

ZyXEL Communications Corporation 
No. 6, Innovation Rd. II, 
Science-Based Industrial Park, 
Hsinchu, Taiwan, R.O.C., 300 

declare that the product 

Prestige 310 

is in conformity with 

(refer to the specification under which conformity is declared) 



STANDARD STANDARD ITEM VERSION 

EN 55022 Radio disturbance characteristics - Limits and method of measurement. 1998 

EN 61000-3-2 Disturbance in supply system caused by household appliances and similar 1995 
electrical equipment "Harmonics". 

EN 61000-3-3 Disturbance in supply system caused by household appliances and similar 1995 
electrical equipment "Voltage fluctuations". 

EN 61000-4-2 Electrostatic discharge immunity test - Basic EMC Publication. 1995 

EN 61000-4-3 Radiated radio-frequency electromagnetic field immunity test 1996 

EN 61 000-4-4 Electrical fast transient / burst immunity test - Basic EMC Publication. 1 995 

EN 61000-4-5 Surge immunity test. 1995 

EN 61 000-4-6 Immunity to conducted disturbances induced by radio-frequency fields. 1 996 

EN 61000-4-8 1993 

EN61 000-4-1 1 Voltage dips short interruptions and voltage variations immunity tests. 1 994 
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ZyXEL Limited Warranty 

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or 
workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon 
proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, 
ZyXEL will, at its discretion, repair or replace the defective products or components without charge for 
either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to 
proper operating condition. Any replacement will consist of a new or re-manufactured functionally 
equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not 
apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to 
abnormal working conditions. 

Note 

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This 
warranty is in lieu of all other warranties, express or implied, including any implied warranty of 
merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect 
or consequential damages of any kind of character to the purchaser. 

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material 
Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be 
insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty 
will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. 
All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage 
Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country 
to country. 
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Customer Support 

Please have the following information ready when you contact customer support. 

• Product model and serial number. 

• Information in Menu 24.2.1 - System Information. 

• Warranty information. 

• Date that you received your device. 



• Brief description of the problem and the steps you took to solve it. 



METHOD 

LUUA 1 IUIN 


E-MAIL 
SUPPORT/SALES 


TELEPHONE/FAX 


WEB SITE/ FTP SITE 


REGULAR MAIL 


WORLDWIDE 


support@zvxel.com.tw 
sales@zvxel.com.tw 


+886-3-578-3942 
+886-3-578-2439 


www.zvxel.com 
www.europe.zvxel.com 

ftp.europe.zvxel.com 


ZyXEL Communications Corp., 
6 Innovation Road II, Science- 
Based Industrial Park, 
HsinChu, Taiwan 300, R.O.C. 


NORTH 
AMERICA 


support@zvxel.com 
sales@zyxel.com 


+1-714-632-0882 
800-255-4101 

+1-714-632-0858 


www.zvxel.com 
ftp.zvxel.com 


ZyXEL Communications Inc., 
1650 Miraloma Avenue, 
Placentia, CA 92870, U.S.A. 


SCANDINAVIA 


support@zvxel.dk 
sales@zvxel.dk 


+45-3955-0700 
+45-3955-0707 


www.zvxel.dk 
flp.zvxel.dk 


ZyXEL Communications A/S, 
Columbusvej 5, 2860 Soeborg, 
Denmark. 


AUSTRIA 


support@zvxel.at 
sales@zvxel.at 


+43-1-4948677-0 
+43-1-4948678 


www.zvxel.at 
ftp.zvxel.at 


ZyXEL Communications 
Services GmbH. Thaliastrasse 
125a/2/2/4 A-1160 Vienna, 
Austria 


GERMANY 


support@zvxel.de 
sales@zvxel.de 


+49-2405-6909-0 
+49-2405-6909-99 


www.zvxel.de 


ZyXEL Deutschland GmbH. 
Adenauerstr. 20/A4 D-52146 
Wuerselen, Germany 


MALAYSIA 


support@zvxel.com.mv 
sales@zvxel.com.mv 


+603-795-44-688 
+603-795-34-407 


www.zvxel.com.mv 


Lot B2-06, PJ Industrial Park, 
Section 13, Jalan Kemajuan, 
46200 Petaling Jaya Selangor 
Darul Ehasn, Malaysia 



Customer Support 
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Preface 

About Your Gateway 

Congratulations on your purchase of the Prestige 310 Broadband Sharing Gateway. 



Don't forget to register your Prestige (fast, easy online registration at 




The Prestige 3 10 is a dual Ethernet broadband gateway integrated with network management features that 
allows access to the Internet via cable/xDSL modem. It is designed for: 

• Home offices and small businesses with cable and xDSL modem via Ethernet port as Internet access 
media. 

• Multiple office/department connections via access devices. 

Your Prestige 3 10 is easy to install and to configure. The embedded web configurator is a convenient 
platform-independent GUI (Graphical User Interface) that allows you easy access the Prestige's management 
settings. 

All functions of the Prestige 310 are also software configurable via the SMT (System Management Terminal) 
interface. The SMT is a menu-driven interface that you can access from a terminal emulator through the 
console port or over a Telnet connection. 

About This User's Guide 

This user's guide is designed to guide you through the SMT configuration of your Prestige 310 for its various 
applications. There is also HTML help for the embedded web configurator. To access the web configurator, 
follow the steps shown in the Accessing The Web Configurator section. Regardless of your particular 
application, it is important that you follow the steps outlined in Chapters 1 -2 to connect your Prestige to your 
LAN. You can then refer to the appropriate chapters of the user's guide, depending on your applications. 

Related Documentation 

• Support CD 

More detailed information and examples can be found in our included disk (as well as on the zyxel.com web 
site). This disk contains information on configuring your ZyWALL for Internet Access, general and 
advanced FAQs, Application Notes, Troubleshooting, a reference for CI Commands and bundled software. 

• Read Me First 

Our Read Me First is designed to help you get up and running right away. It contains a detailed easy-to- 
follow connection diagram, default settings, handy checklists and information on setting up your network and 
configuring for Internet access. 
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• ZyXEL Web Site 

The ZyXEL download library at www.zyxel.com contains additional support documentation. 

• Glossary 

Please refer to www.zyxel.com for an online glossary of networking terms. 



Syntax Conventions 

• "Enter" means for you to type one or more characters and press the carriage return. "Select" or 
"Choose" means for you to select one from the predefined choices. 

• The SMT menu titles and labels are in Bold Times font. The choices of a menu item are in Bold 
Arial font. A single keystroke is in Arial font and enclosed in square brackets, for instance, 
[ENTER] means the Enter, or carriage return, key; [ESC] means the escape key and [SPACE BAR] 
means the space bar. [UP] and [DOWN] are the up and down arrow keys. 

• For brevity's sake, we will use "e.g." as a shorthand for "for instance" and "i.e." for "that is" or "in 
other words" throughout this user's guide. 

• The Prestige 310 may be referred to as the Prestige or the P3 10 in this user's guide. Occasionally, 
SMT screens refer to the Prestige as a router. 
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Part I: 



Getting Started 



This section is a step-by-step guide to help you connect, install and setup your Prestige to operate 

on your network and access the Internet. 
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Chapter 1 

Getting to Know Your Prestige 

This chapter introduces the main features and applications of the Prestige as well as a checklist for 

fast Internet access. 

1.1 The Prestige 310 Broadband Sharing Gateway 

The Prestige 3 10 is a dual Ethernet broadband gateway integrated with robust network management features 
for Internet access via external cable/xDSL modem. Equipped with 10Mbps Ethernet WAN port for WAN, 
an auto-negotiating 10/1 00Mbps Ethernet port for LAN and the Network Address Translation (NAT) feature, 
the Prestige is uniquely suited as a broadband Internet access sharing gateway for small offices and home 
offices. 

1 .2 Features of the Prestige 31 0 

The following are the main features of the Prestige 310. 

1.2.1 10/1 00MB Auto-negotiation Ethernet/Fast Ethernet Interface 

This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust 
appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either 
half-duplex or full-duplex mode depending on your Ethernet network. 

1.2.2 SNMP 

SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information 
between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP 
agent functionality, which allows a manager station to manage and monitor the Prestige through the network. 
The Prestige supports SNMP version one (SNMPvl). 

1.2.3 NAT (Network Address Translation) 

NAT (Network Address Translation - NAT, RFC 1631) allows the translation of an Internet Protocol address 
used within one network to a different IP address known within another network. The Prestige can now map 
multiple global IP addresses to local IP addresses of clients or servers. 
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1.2.4 Traffic Redirect 

Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the Prestige cannot connect to 
the Internet, thus acting as an auxiliary backup when your regular WAN connection fails. 

1.2.5 Port Forwarding 

Use this feature to forward incoming service requests to a server on your local network. You may enter a 
single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. 

1.2.6 Trigger Port Forwarding 

LAN computers dynamically take turns using the mapping based on the trigger port. With this feature, you 
needn't reconfigure a new IP address each time you want a different computer (as you would with Port 
Forwarding). 

1.2.7 Internal SPTGEN 

Internal SPTGEN (System Parameter Table Generator) lets you configure, save and upload multiple menus at 
the same time using just one configuration text file - eliminating the need to navigate and configure 
individual SMT menus for each Prestige. 

1.2.8 DHCP Support 

DHCP (Dynamic Host Configuration Protocol) allows the individual clients (workstations) to obtain the 
TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server 
capability, enabled by default, which means it can assign IP addresses, an IP default gateway and DNS 
servers to Windows 9X, Windows NT and other systems that support the DHCP client. The Prestige can now 
also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment from the actual real 
DHCP server to the clients. 

1.2.9 Dynamic DNS Support 

With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the 
host to be more easily accessible from various locations on the Internet. You must register for this service 
with a Dynamic DNS client. 

1.2.10 IP Multicast 

Deliver IP packets to a specific group of hosts using IP multicast. IGMP (Internet Group Management 
Protocol) is the protocol used to support multicast groups. The latest version is version 2 (see RFC 2236); 
the Prestige supports both versions 1 and 2. 
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1.2.11 PPPoE Support 

PPPoE facilitates the interaction of a host with a broadband modem to achieve access to high-speed data 
networks via a familiar "dial-up networking" user interface. 

1.2.12 PPTP Support 

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a 
remote client to a private server, creating a Virtual Private Network (VPN) using a TCP/IP-based network. 

PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the 
Internet. 

1.2.13 IP Alias 

IP alias allows you to partition a physical network into logical networks over the same Ethernet interface. 

1.2.14 Call Scheduling 

Configure call time periods to restrict and allow access for users on remote nodes. 

1.2.15 Call Control 

The Prestige provides budget management for outgoing calls and chronicles incoming and outgoing calls. 

1.2.16 Full Network Management 

Your Prestige offers you a variety of options for network management. It supports password protected local 
and remote network management via the console port or a telnet connection using SMT (System 
Management Interface). It also supports FTP (File Transfer Protocol) server for remote management, TFTP 
(Trivial FTP), SNMP (Simple Network Management Protocol) and CI (Command Interpreter) mode. 

1.2.17 RoadRunner Support 

In addition to standard cable modem services, the Prestige supports Time Warner's RoadRunner Service. 

1.2.18 Time and Date Setting 

This new feature (menu 24.10) allows you to get the current time and date from an external server when you 
power up your Prestige. The real time is then displayed in the Prestige Menu 24.1- System Status and error 
logs. If you do not choose a time service protocol that your timeserver will send when the Prestige powers up 
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you can enter the time manually but each time the system is booted, the time & date will be reset to 1/1/1970 
0:0:0. 

1.2.19 Logging and Tracing 

• Built-in message logging and packet tracing. 

• Unix syslog facility support. 

1.2.20 Embedded FTP and TFTP Servers 

The Prestige's embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file 
backups and restoration. 

1.2.21 Packet Filtering 

The Packet Filtering mechanism blocks unwanted traffic from entering/leaving your network. 

1.2.22 Upgrade Prestige Firmware via LAN 

The firmware of your Prestige can be upgraded via the LAN. 

1.3 Applications for the Prestige 310 

1.3.1 Broadband Internet Access via Cable or DSL Modem 

A cable modem or xDSL modem can connect to the Prestige 310 for broadband Internet access via Ethernet 
port on the modem. A typical Internet access application is shown next. 




Figure 1-1 Internet Access Application 
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1.4 Internet Access Configuration Checklist 

The following table shows the minimum SMT menu configurations you'll need to make (without changing 
the default Prestige values) in order to access the Internet. Also refer to the HTML help on the Web 
Configurator. 



Table 1-1 Internet Access Configuration Checklist 







1 


System Name 


This field is for identification purposes but because some ISPs check this name you 

Qhni ilrl pnfpr \/ni ir rnmni iter'Q "Pnmni iter Mpitip" 

Ol IUUIU CIILCI yUUI L<UI 1 1 |JU LCI O V_/UI 1 1 |JU LCI INdlllC . 

• In Windows 95/98 click Start -> Settings -> Control Panel -> Network. Click 
the Identification tab, note the entry for the Computer name field and enter it as 
the Prestige System Name. 

• In Windows 2000 click Start->Settings->Control Panel and then double-click 
System. Click the Network Identification tab and then the Properties button. Note 
the entry for the Computer name field and enter it as the Prestige System Name. 

• In Windows XP, click start -> My Computer -> View system information and 
then click the Computer Name tab. Note the entry in the Full computer name field 
ana enier u as ine r resiige oysiem Name. 


2 


MAC Address: 
Assigned By 


The default is Factory Default, which is the factory assigned default MAC Address. 
We recommend you choose IP Address attached on LAN and enter the IP address 
of the workstation on the LAN whose MAC you are cloning. 


4 


Encapsulation 

PPTP 
PPPoE 


Choose PPPoE if you have a dial-up connection to the Internet (or PPTP if you 
reside in France or Austria); otherwise choose Ethernet. Choose from RR-Manager, 
RR-Telstra, or RR-Toshiba if your ISP is Time Warner's RoadRunner; otherwise 
choose Standard . 

You need to know your login name, password and connection ID/Name. The latter 
may not be obligatory for some ISPs, but if it is you must follow the "c:id" and 
"n:name" format. 

You need to know your login name, password and service name. The latter may not 
be obligatory for some ISPs. 




IP Address 
Assignment 


If your ISP did not assign you a fixed IP address, select Dynamic, otherwise select 
Static and enter the IP address & subnet mask in the IP address and IP Subnet 
Mask fields. 


Once these key fields have been configured, you should be able to enjoy super-fast Internet access with your 
Prestige! 
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Chapter 2 

Hardware Installation and Initial Setup 

This chapter shows you how to connect hardware and perform the initial setup. 



2.1 Front Panel LEDs and Rear Panel Ports 
2.1.1 Front Panel LEDs 

The LEDs on the front panel indicate the operational status of the Prestige. 



ZyXEL 


I 






1 


PRESTIGE 


PWR SYS 


10M 100M 
1 LAN 1 


10M 




300 SERIES 





Figure 2-1 Front Panel LEDs 
Table 2-1 LED Descriptions 



LED 


FUNCTION 


COLOR 


STATUS 


MEANING 


PWR 


Power 


Green 


On 


The Prestige is receiving power. 


SYS 


System 




Off 


The system is not ready or failed. 


On 


The system is ready and running. 


Flashing 


The system is rebooting. 


10M LAN 


LAN 


Green 


Off 


The 10M LAN is not connected. 


On 


The Prestige is connected to a 10M LAN. 


Flashing 


The 10M LAN is sending/receiving packets. 


100M LAN 


Orange 


Off 


The 100M LAN is not connected. 


On 


The Prestige is connected to a 100Mbps LAN. 


Flashing 


The 100M LAN is sending/receiving packets. 
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LED 


FUNCTION 


COLOR 


STATUS 


MEANING 


WAN 


WAN 


Green 


Off 


The WAN Link is not ready, or has failed. 


On 


The WAN Link is ok. 


Flashing 


The 10M WAN link is sending/receiving packets. 



2.2 Prestige 310 Rear Panel and Connections 

The following figure shows the rear panel of your Prestige 310 and the related connections. 



OFF ON 



Broadband modem/Internet Router 





Internet Service Provider 



Figure 2-2 Prestige 310 Rear Panel Connections 

This section outlines how to connect your Prestige 310 to the LAN and the WAN. If you want to connect a 
cable modem, you must connect the coaxial cable from your cable service to the threaded coaxial cable 
connector on the back of the cable modem. Connect an xDSL modem to the xDSL wall jack. 
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2.2.1 Connecting the Console Port 

Use terminal emulator software on a computer for configuring your Prestige via console port. Connect the 9- 
pin end of the console cable to the console port of the Prestige and the other end (choice of 9-pin or 25-pin, 
depending on your computer) end to a serial port (COM1, COM2 or other COM port) of your computer. You 
can use an extension RS-232 cable if the enclosed one is too short. After the initial setup, you can modify the 
configuration remotely through Telnet connections. 



2.2.2 Connecting the Prestige to the Broadband Modem 

Connecting the Prestige to a Cable Modem 

Connect the WAN port on the Prestige to the Ethernet port on the cable modem using the cable that came 
with your cable modem. The Ethernet port on a cable modem is sometimes labeled "PC" or "Workstation". 

Connecting the Prestige to an xDSL Modem 

Connect the WAN port on the Prestige to the Ethernet port on the xDSL modem using the cable that came 
with your xDSL modem. 



2.2.3 Connecting the Prestige to the LAN 



When the correct Ethernet cable is correctly connected to the computer or hub, 



For a single computer, connect the 10/100M LAN port on the Prestige to the Network Adapter on the 
computer using a straight-through Ethernet cable and push the Uplink button ("on"). If you want to use a 
crossover Ethernet cable for this connection, make sure the Uplink button is not pressed ("off). 

If you have more than one computer, you must use an external hub. Connect the 10/100M LAN port on the 
Prestige to a port on the hub using a straight-through Ethernet cable and make sure the Uplink button is "off. 
If you want to use a crossover Ethernet cable for this connection, make sure the Uplink button is pressed 
("on"). 

Table 2-2 Ethernet Cable Requirements and the Uplink Button 



UPLINK BUTTON 
STATUS 


TYPE OF ETHERNET CABLE FOR 
CONNECTING THE PRESTIGE TO A ... 




COMPUTER 


HUB 


"on" (pressed) 


straight-through 


crossover 


"off (not pressed) 


crossover 


straight-through 
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2.2.4 Connecting the Power Adapter to your Prestige 

Connect one end of the power adapter to the port labeled Power on the rear panel of your Prestige. 

To prevent damage to the Prestige, make sure you have the correct power adapter. 



2.2.5 Grounding the Prestige (Optional) 

Ground the Prestige by connecting a grounded wire to the F.G. (Frame Ground) of the Prestige. 

2.3 Additional Installation Requirements 

1. A computer with an installed Ethernet NIC (Network Interface Card). 

2. A computer equipped with communications software called terminal emulation software configured to 
the following parameters. 

• VT 100 terminal emulation. 

• 9600 baud. 

• No parity, 8 data bits, 1 stop bit, flow control set to none. 

3. A cable/xDSL modem and an ISP account. 



2.4 Turning on Your Prestige 

At this point, you should have connected the Console port, the LAN port, the WAN port and the Power to the 
appropriate devices or lines. Plug the power adapter into a power source. The PWR LED turns on. The SYS 
LED will come on after the system tests are complete. The WAN LED and one of the LAN LEDs turn on 
immediately after the SYS LED turns on, if the proper connections have been made to the LAN and WAN 
ports. 

2.4.1 Initial Screen 

When you turn on your Prestige, it performs several internal tests as well as line initialization. 
After the tests, the Prestige asks you to press [ENTER] to continue, as shown next. 
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Copyright (c) 1994 - 2002 ZyXEL Communications Corp. 
initialize ch =0, ethernet address: 0 0 : aO : c5 : 2 7 : 84 : 52 
initialize ch = 1, ethernet address: 0 0 : aO : c5 : 2 7 : 84 : 53 
Press ENTER to continue... 



Figure 2-3 Initial Screen 
2.4.2 Entering the Password 

The login screen appears after you press [ENTER], prompting you to enter the password, as shown next. 

For your first login, enter the default password "1234"." As you type the password, the screen displays an 
"X" for each character you type. 

Note that if there is no activity for longer than five minutes after you log in, your Prestige will automatically 
log you out and display a blank screen. If you see a blank screen, press [ENTER] to display the login screen 
again. 



Enter Password : XXXX 



Figure 2-4 Password Screen 

2.5 Navigating the SMT Interface 

The SMT (System Management Terminal) is the interface that you use to configure your Prestige. 

Several operations that you should be familiar with before you attempt to modify the configuration are listed 
next. 
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Table 2-3 Main Menu Commands 



OPERATION 


KEYSTROKE 


DESCRIPTION 


Move down to 
another menu 


[ENTER] 




To move forward to a submenu, type in the number of the desired 
submenu and press [ENTER]. 


Move up to a 
previous menu 


[ESC] 


Press [ESC] to move back to the previous menu. 


Move to a "hidden" 
menu 


Press [SPACE 
BAR] to change No 
to Yes then press 
[ENTER]. 


Fields beginning with "Edit" lead to hidden menus and have a 
default setting of No. Press [SPACE BAR] once to change No to 
Yes, then press [ENTER] to go to the "hidden" menu. 


Move the cursor 


[ENTER] or 
[UP]/[DOWN] arrow 
keys. 


Within a menu, press [ENTER] to move to the next field. You can 
also use the [UP]/[DOWN] arrow keys to move to the previous 
and the next field, respectively. 


Entering 
information 


Type in or press 
[SPACE BAR], then 
press [ENTER]. 


You need to fill in two types of fields. The first requires you to type 
in the appropriate information. The second allows you to cycle 
through the available choices by pressing [SPACE BAR]. 


Required fields 


<?> 


All fields with the symbol <?> must be filled in order to be able to 
save the new configuration. 


N/A fields 


<N/A> 


Some of the fields in the SMT will show a <N/A>. This symbol 
refers to an option that is Not Applicable. 


Save your 
configuration 


[ENTER] 


Save your configuration by pressing [ENTER] at the message 
"Press ENTER to confirm or ESC to cancel". Saving the data on 
the screen will take you, in most cases to the previous menu. 


Exit the SMT 


Type 99, then press 
[ENTER]. 


Type 99 at the main menu prompt and press [ENTER] to exit the 
SMT interface. 



2.5.1 Main Menu 

After you enter the password, the SMT displays the Main Menu, as shown next. 
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Copyright (c) 1994 - 2002 ZyXEL Communications Corp 
Prestige 310 Main Menu 



Getting Started 

1. General Setup 

2 . WAN Setup 

3 . LAN Setup 

4 . Internet Access Setup 

Advanced Applications 

11. Remote Node Setup 

12. Static Routing Setup 
15 . NAT Setup 



Advanced Management 

21. Filter Set Configuration 
22 . SNMP Configuration 

23 . System Password 

24 . System Maintenance 

26. Schedule Setup 



99. Exit 
Enter Menu Selection Number: 



Figure 2-5 Prestige 310 Main Menu 



2.5.2 System Management Terminal Interface Summary 

Table 2-4 Main Menu Summary 



NO. 


MENU TITLE 


FUNCTION 


1 


General Setup 


Use this menu to set up routing/bridging and general information. 


2 


WAN Setup 


Use this menu to clone a MAC address from a computer on your LAN. 


3 


LAN Setup 


Use this menu to configure LAN DHCP and TCP/IP settings as well as 
apply LAN filters. 


4 


Internet Access Setup 


Configure your Internet Access setup (Internet address, gateway, login, 
etc.) with this menu. 


11 


Remote Node Setup 


Use this menu to configure detailed remote node settings (your ISP is 
also a remote node) as well as apply WAN filters. 


12 


Static Routing Setup 


Configure static routes for bridging and IP in this menu. 


15 


NAT Setup 


Use this menu to configure Network Address Translation. 


21 


Filter Set Configuration 


Use this menu to provide security via filters. 


22 


SNMP Configuration 


Use this menu to configure SNMP-related parameters. 


23 


System Password 


Change your password in this menu (recommended). 


24 


System Maintenance 


From displaying system status to uploading firmware, this menu provides 
comprehensive system maintenance. 


26 


Schedule Setup 


Use this menu to schedule outgoing calls. 


99 


Exit 


Use this menu to exit (necessary for remote configuration). 



Hardware Installation and Initial Setup 



2-7 



Prestige 310 Broadband Sharing Gateway 



2.5.3 SMT Menus at a Glance 



Main 
Menu 






i 






i 








r 










Menu 1 
General Setup 




Menu 2 
WAN Setup 




Menu 3 
LAN Setup 




Menu 4 
Internet Access 
Setup 



Menu 3.2 
TCP/IP and 
DHCP Setup 



Menu 1.1 
Configure 
Dynamic DNS 



Menu 3.1 
LAN Port 
Filter Setup 



Menu 3.2.1 
IP Alias Setup 



Menu 11.3 
Remote Node 
Network Layer 
Options 



Menu 11 
Remote Node 
Setup 



Menu 11.1 
Remote Node 
Profile 



Menu 11.6 
Traffic Redirect 
Setup 



Menu 11.5 
Remote Node 
Filter 



Menu 12 
IP Static 
Route Setup 



Menu 12.1 
Edit IP Static 
Route 



Menu 15 
NAT Setup 



Menu 15.1 
Address Mapping 
Sets 



Menu 15.1.1 
Address Mapping 
Rules 



Menu 15.2 
NAT Server 
Setup 



Menu 15.3 
Trigger Port 

Setup 



Menu 15.1.1.x 
Address Mapping 
Rule 



Figure 2-6 Getting Started and Advanced Application SMT Menus 
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1 








w 




Menu 21 
Filter Set Configuration 




Menu 22 
SNMP Configuration 




Menu 23 
System Password 





Menu 21.1. 
Filter Set Configuration 



Menu 21.1.x 
Filter Rules Summary 



Menu 21.1.x.y 
Generic Filter Rule 



Menu 21.1.x.y 
TCP/IP Filter Rule 



Menu 24 
System Maintenance 


' 




Menu 24.1 
System Maintenance 
System Status 


1 





Menu 24.2 
System Information 
and Console Port 
Speed 



Menu 24.2.1 
System Information 



Menu 24.2.2 

Console 
Port Speed 



Menu 24.3 
System Maintenance!*- 
Log and Trace 



Menu 24.3.1 
View Error Log 



Menu 24.3.2 
UNIX Syslog 



Menu 24.3.4 
Call-Triggering Packet 



Menu 24.4 
System Maintenance 
Diagnostic 
i 



Menu 24.5 
System Maintenance 
Backup Configuration 



Menu 24.6 
System Maintenance 
Restore Configuration 

♦ 



Menu 24.7 
System Maintenance 
Upload Firmware 



Menu 24.8 
Command Interpreter 
Mode 
i 



Menu 24.9 
System Maintenance 
Call Control 



Menu 24.10 
System Maintenance 
Time and Date Setting 



Menu 24.11 
System Maintenance 
Remote Management 
Control 



Menu 24.7.1 
Upload Router Firmware 



Menu 24.7.2 
Upload Router 
Configuration File 



Menu 24.9.1 
Budget Management 



Menu 24.9.2 
Call History 



Menu 26 
Schedule Setup 



Menu 26.1 
Schedule Set Setup 



Figure 2-7 Advanced Management SMT Menus 
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2.6 Changing the System Password 

Change the default system password by following the steps shown next. 

Step 1 . Enter 23 in the main menu to open Menu 23 — System Password as shown next. 
I i 

Menu 23 - System Password 



Old Password^ ? 
New Password- ? 
Retype to confirm^ ? 



Enter here to CONFIRM or ESC to CANCEL : 



Figure 2-8 Menu 23 — System Password 

Step 2. Type your existing password in the Old Password field and press [ENTER]. 

Step 3. Type your new system password in the New Password field and press [ENTER]. 

Step 4. Re-type your new system password for confirmation in the Retype to confirm field and press 
[ENTER]. 

Note that as you type a password, the screen displays an "X" for each character you type. 

2.6.1 Resetting the Prestige 

If you have forgotten your password or cannot access the SMT menus you will need to reinstall the 
configuration file. Uploading the configuration file replaces the current configuration file with the default 
configuration file, you will lose all configurations that you had before and the speed of the console port will 
be reset to the default of 9600bps with 8 data bit, no parity and 1 stop bit (8nl). The password will be reset to 
the default of "1234". 

Turn off the Prestige and begin a terminal emulation software session with the default console port settings. 
Turn on the Prestige again. When you see the message "Press Any key to enter Debug Mode within 3 
seconds", press any key to enter debug mode. You should already have downloaded the correct file from 
your nearest ZyXEL FTP site. Refer to the Firmware and Configuration Maintenance chapter for more 
information on how to transfer the configuration file to your Prestige. 
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2.7 General Setup 

Menu 1 - General Setup contains administrative and system-related information (shown next). The System 
Name field is for identification purposes. However, because some ISPs check this name you should enter 
your computer's "Computer Name". 

• In Windows 95/98 click Start -> Settings -> Control Panel -> Network. Click the Identification 

tab, note the entry for the Computer name field and enter it as the Prestige System Name. 

• In Windows 2000 click Start->Settings->Control Panel and then double-click System. Click the 
Network Identification tab and then the Properties button. Note the entry for the Computer name 

field and enter it as the Prestige System Name. 

• In Windows XP, click start -> My Computer -> View system information and then click the 
Computer Name tab. Note the entry in the Full computer name field and enter it as the Prestige 
System Name. 

The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the 
domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) 
on each individual computer, the domain name can be assigned from the Prestige via DHCP. 

2.7.1 Dynamic DNS 

Dynamic DNS (Domain Name System) allows you to update your current dynamic IP address with one or 
many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe or other services). 
You can also access your FTP server or Web site on your own computer using a DNS-like address (for 
example, myhost.dhs.org, where myhost is a name of your choice) which will never change instead of using 
an IP address that changes each time you reconnect. Your friends or relatives will always be able to call you 
even if they don't know your IP address. 

First of all, you need to have registered a dynamic DNS account with www.dyndns.org. This is for people 
with a dynamic IP from their ISP or DHCP server that would still like to have a DNS name. 

To use this service, you must register with the Dynamic DNS service provider. The Dynamic DNS service 
provider will give you a password or key. The Prestige supports www.dyndns.org. You can apply to this 
service provider for Dynamic DNS service. 

DYNDNS Wildcard 

Enabling the wildcard feature for your host causes *. yourhost.dyndns.org to be aliased to the same IP address 
as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, 
www.yourhost.dyndns.org and still reach your hostname. 
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2.7.2 Procedure For Configuring Menu 1 

Step 1 . Enter 1 in the Main Menu to open Menu 1 - General Setup (shown next). 



Menu 1 - General 


Setup 


System Name- xxx 




Domain Name-zyxel . com. tw 




Edit Dynamic DNS= No 




Press ENTER to Confirm or 


ESC to Cancel: 



Figure 2-9 Menu 1 — General Setup 



Step 2. Fill in the required fields. Refer to the table shown next for more information about these fields. 



Table 2-5 General Setup Menu Fields 



FIELD 


DESCRIPTION 


EXAMPLE 


System Name 


Choose a descriptive name for identification purposes. It is 
recommended you enter your computer's "Computer name" in this 
field. This name can be up to 30 alphanumeric characters long. 
Spaces are not allowed, but dashes "-" and underscores "_" are 
accepted. 


P310 


Domain Name 


Enter the domain name (if you know it) here. If you leave this field 
blank, the ISP may assign a domain name via DHCP. You can go to 
menu 24.8 and type "sys domainname" to see the current domain 
name used by your gateway. 

If you want to clear this field just press the [SPACE BAR]. The 
domain name entered by you is given priority over the ISP assigned 
domain name. 


zyxel.com.tw 


Edit Dynamic 
DNS 


Press the [SPACE BAR] to select Yes or No (default). Select Yes to 
configure Menu 1.1 — Configure Dynamic DNS (discussed next). 


No 


When you have completed this menu, press [ENTER] at the prompt "Press ENTER to Confirm..." to 
save your configuration, or press [ESC] at any time to cancel. 



2.7.3 Configuring Dynamic DNS 

To configure Dynamic DNS, go to Menu 1 — General Setup and press select Yes in the Edit Dynamic 
DNS field. Press [ENTER] to display Menu 1.1 — Configure Dynamic DNS as shown next. 
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Menu 1.1 - Configure Dynamic 


L 

DNS 


S e r vi c e Provide r — WWW DynDNS ORG 




Active— Yes 








Host— me . ddns . org 




EMAIL= ma ilOmail server 




USER— username 




Password- ********* 




Enable Wildcard= No 




Offline- N/A 




Press ENTER to confirm or ESC to 


cancel : | 



Figure 2-10 Configure Dynamic DNS 



Follow the instructions in the next table to configure Dynamic DNS parameters. 



Table 2-6 Configure Dynamic DNS Menu Fields 



FIELD 


DESCRIPTION 


EXAMPLE 


Service Provider 


This is the name of your Dynamic DNS service provider. 


WWW.DvnDNS.ORG 
(default) 


Active 


Press [SPACE BAR] to select Yes and then press [ENTER] to 

IMcmfc; uyilcMMIli U I N O dUUVc. 


Yes 


DDNS Type 


Press [SPACE BAR] and then [ENTER] to select DynamicDNS 
if you have a dynamic IP address(es). Select StaticDNS if you 

ha\/p a ctatif^ IP aHHrpcc/c^ 
1 IdVC a oldllO li aUUICoo^sy. 

Select CustomDNS to have dyns.org provide DNS service for 
a domain name that you already have from a source other than 
dyndns.org. 

At the time of writing, dyndns.org provides the basic 
DynamicDNS and StaticDNS services along with a limited 
number of hostnames for free, but charges a fee for 
CustomDNS. See www.dvndns.org for details. 


DynamicDNS 

(defautl) 


Host 


Enter the domain name assigned to your Prestige by your 
Dynamic DNS provider. 


me.dyndns.org 


EMAIL 


Enter your e-mail address. 


mail@mailserver 


USER 


Enter your user name. 




Password 


Enter the password assigned to you. 




Enable Wildcard 


Your Prestige supports DYNDNS Wildcard. Press [SPACE 
BAR] and then [ENTER] to select Yes or No This field is N/A 
when you choose DDNS client as your service provider. 


No 


Offline 


This field is only available when CustomDNS is selected in the 


Yes 
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FIELD 


DESCRIPTION 


EXAMPLE 




DDNS Type field. Press [SPACE BAR] and then [ENTER] to 
select Yes. When Yes is selected, traffic is redirected to a URL 
that you have previously specified (see www.dyndns.orq for 
details). 




When you have completed this menu, press [ENTER] at the prompt "Press ENTER to Confirm..." to save 
your configuration, or press [ESC] at any time to cancel. 



If you have a private WAN IP address, then you can not use Dynamic DNS. 



2.8 WAN Setup 

This section describes how to configure the WAN using Menu 2 - WAN Setup. From the main menu, enter 2 
to display menu 2. 



ZyXEL recommends you configure this menu even if your ISP does not require 

MAC address athentication. 



Menu 2 - WAN Setup 

MAC Address: 
Assigned By-IP address attached on LAN 
IP Address= 192.168.1.33 

Press ENTER to Confirm or ESC to Cancel: 
Press Space Bar to Toggle 



Figure 2-1 1 Menu 2 — WAN Setup 

This screen allows you to configure the WAN port's MAC Address by either using the factory default or 
cloning the MAC address from a workstation on your LAN. Once it is successfully configured, the address 
will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the setting in 
menu 2 or upload a different rom file. 

The following table contains instructions on how to configure your WAN setup. 
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Table 2-7 WAN Setup Menu Fields 



FIELD 


DESCRIPTION 


EXAMPLE 


MAC Address 
Assigned By 


Press the [SPACE BAR] to choose one of two methods to assign a 
MAC Address. Choose Factory default to select the factory assigned 
default MAC Address. Choose IP Address attached on LAN to use 
the MAC Address of that workstation whose IP you give in the 
following field. 


IP Address 
attached on 
LAN 


IP Address 


This field is applicable only if you choose the IP Address attached 
on LAN method in the Assigned By field above. Enter the IP 
address of the workstation on the LAN whose MAC you are cloning. 


192.168.1.33 


When you have completed this menu, press [ENTER] at the prompt "Press ENTER to Confirm..." to save 
your configuration, or press [ESC] at any time to cancel. 



Your Prestige WAN Port is always set at half-duplex mode as most cable modems only support half-duplex 
mode. If your cable modem supports full-duplex mode, then you will be able to manually set it at half-duplex 
mode. If the Prestige is set at half-duplex mode and the cable modem is set at full-duplex mode, then the 
WAN port will not function properly. 



Your Prestige supports full duplex mode on the LAN side. 



2.9 LAN Setup 

This section describes how to configure the LAN using Menu 3 — LAN Setup. From the main menu, enter 
3 to display menu 3 (shown next). 

Menu 3 - LAN Setup 



1. LAN Port Filter Setup 

2. TCP/IP and DHCP Setup 



Enter Menu Selection Number: 



Figure 2-12 Menu 3 — LAN Setup 



Hardware Installation and Initial Setup 



2-15 



Prestige 310 Broadband Sharing Gateway 



2.9.1 LAN Port Filter Setup 

This menu allows you to specify the filter sets that you wish to apply to the LAN traffic. You seldom need to 
filter the LAN traffic, however, the filter sets may be useful to block certain packets, reduce traffic and 
prevent security breaches. 



Menu 3.1 - LAN Port Filter Setup 

Input Filter Sets: 

protocol filters^ 2 

device filters^ 
Output Filter Sets: 

protocol filters= 

device filters= 

Press ENTER to Confirm or ESC to Cancel: 



Figure 2-13 Menu 3.1 - LAN Port Filter Setup 

Menu 3.2 is discussed in the next part of this User's Guide. Please read on. 
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Chapter 3 
Internet Access 

This chapter shows you how to configure the LAN as well as the WAN of your Prestige for Internet 

access. 

3.1 TCP/IP and DHCP for LAN 

The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that 
support DHCP client capability. 

3.1.1 Factory LAN Defaults 

The LAN parameters of the Prestige are preset in the factory with the following values: 

1. IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) 

2. DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. 

These parameters should work for the majority of installations. If your ISP gives you explicit DNS server 
address(es), skip to the DNS Server Address section to see how to enter the DNS server address(es). 

3.1.2 DHCP Configuration 

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain 
TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable 
it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If set to 
None, DHCP service will be disabled and you must have another DHCP server on your LAN, or else the 
workstation must be manually configured. 

The Prestige can also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment 
from the actual real DHCP server to the clients. 

IP Pool Setup 

The Prestige is pre -configured with a pool of 32 IP addresses starting from 192.168.1.33 to 192.168.1.64. 
This configuration leaves 3 1 IP addresses (excluding the Prestige itself) in the lower range for other server 
computers, for example, server for mail, FTP, Telnet, web, etc., that you may have. 
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DNS Server Address 

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for 
example, the IP address ofwww.zyxel.com is 204.217.0.2. The DNS server is extremely important because 
without it, you must know the IP address of a computer before you can access it. 

There are two ways that an ISP disseminates the DNS server addresses. 

1. The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign 
up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in DHCP Setup. 

2. Leave the DNS Server fields in DHCP Setup blank (for example 0.0.0.0). The Prestige acts as a DNS 
proxy when this field is blank. 



Table 3-1 Example of Network Properties for LAN Servers with Fixed IP Addresses 



Choose an IP address 


192.168.1.2 - 192.168.1.32; 192.168.1.65 - 192.168.1.254. 


Subnet mask 


255.255.255.0 


Gateway (or default route) 


192.168.1.1 (Prestige LAN IP) 



3.1.3 IP Address and Subnet Mask 

Similar to the way houses on a street share a common street name, so too do computers on a LAN share one 
common network number. 

Where you obtain your network number depends on your particular situation. If the ISP or your network 
administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP 
addresses and the subnet mask. 

If the ISP did not explicitly give you an IP network number, then most likely you have a single user account 
and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is 
recommended that you select a network number from 192.168.0.0 to 192.168.255.0 and you must enable the 
Network Address Translation (NAT) feature of the Prestige. The Internet Assigned Number Authority 
(IANA) reserved this block of addresses specifically for private use; please do not use any other number 
unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 
individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first 
three numbers specify the network number while the last number identifies an individual workstation on that 
network. 

Once you have decided on the network number, pick an IP address that is easy to remember, for example, 
192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP. 

The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the 
subnet mask automatically based on the IP address that you entered. You don't need to change the subnet 
mask computed by the Prestige unless you are instructed to do otherwise. 
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3.1.4 Private IP Addresses 

Every computer on the Internet must have a unique IP address. If your networks are isolated from the 
Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts 
without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following 
three blocks of IP addresses specifically for private networks: 

Table 3-2 Private IP Address Ranges 

10.0.0.0 — 10.255.255.255 

172.16.0.0 — 172.31.255.255 

192.168.0.0— 192.168.255.255 

You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you 
belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the 
Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, 
you should consult your network administrator for the appropriate IP addresses. 



Regardless of your particular situation, do not create an arbitrary IP address; 
always follow the guidelines above. For more information on address assignment, 
please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, 
Guidelines for Management of IP Address Space. 

3.1.5 RIP Setup 

RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing 
information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. 
When set to Both or Out Only, the Prestige will broadcast its routing table periodically. When set to Both 
or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any 
RIP packets and will ignore any RIP packets received. 

The Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends 
(it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more 
information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. 

Both RIP-2B and RJP-2M sends the routing data in RIP -2 format; the difference being that RIP-2B uses 
subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router 
machines since they generally do not listen to the RIP multicast address and so will not receive the RIP 
packets. However, if one router uses multicasting, then all routers on your network must use multicasting, 
also. 

By default, RIP Direction is set to Both and the Version set to RIP-1 . 
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3.1.6 IP Multicast 



Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or 
Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the 
network - not everybody and not just 1 . 

IGMP (Internet Group Multicast Protocol) is a session-layer protocol used to establish membership in a 
Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over 
version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed 
information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of 
RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 
239.255.255.255. The address 224.0.0.0 is not assigned to any group and is used by IP multicast computers. 
The address 224.0.0. 1 is used for query messages and is assigned to the permanent group of all IP hosts 
(including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 
224.0.0.2 is assigned to the multicast routers group. 

The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the 
Prestige queries all directly connected networks to gather group membership. After that, the Prestige 
periodically updates this information. IP Multicasting can be enabled/disabled on the Prestige LAN and/or 
WAN interfaces using menus 3.2 (LAN) and 11.3 (WAN). Select None to disable IP Multicasting on these 
interfaces. 



IP Alias allows you to partition a physical network into different logical networks over the same Ethernet 
interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with 
the Prestige itself as the gateway for each LAN network. 



3.1.7 IP Alias 



Prestige 




Prestige 




LAN 1 IP Address (Menu 3.2) 



LAN 2 IP Alias 1 (Menu 3.2.1) 



Ethernet 
Interface 



LAN 3 IP Alias 2 (Menu 3.2.1) 



Figure 3-1 Physical Network 



Figure 3-2 Partitioned Logical Networks 
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Use menu 3.2.1 to configure IP Alias on your Prestige. 



3.2 TCP/IP and DHCP Ethernet Setup 

From the Main Menu, enter 3 to open Menu 3 — LAN Setup (10/100 Mbps Ethernet) to configure TCP/IP 
(RFC 1 155) and DHCP Ethernet setup. 



Menu 3 - LAN Setup 



1. LAN Port Filter Setup 

2. TCP/IP and DHCP Setup 




Figure 3-3 Menu 3 — LAN Setup (10/100 Mbps Ethernet) 



To edit the TCP/IP and DHCP configuration, enter 2 to display Menu 3.2 — TCP/IP and DHCP Ethernet 
Setup as shown next. 



Menu 3.2 - TCP/IP and DHCP Ethernet Setup 

DHCP= Server 
Configuration: 

Client IP Pool Starting Address 

Size of Client IP Pool= 

Primary DNS Server 

Secondary DNS Server^ 

DHCP Server Address 

TCP/IP Setup: 

IP Address^ 192.68.1.1. 
IP Subnet Mask= 255.25 
RIP Direction^ Both 

Version^ RIP-1 
Multicast^ None 
Edit IP Alias= No 

Press ENTER to Confirm or 

Press Space Bar to Toggle. 




First address 
in the IP 
Pool. 



Size of the IP 
Pool. 



IP addresses of 
the DNS 
servers. 



This is the IP 
address of the 



Figure 3-4 Menu 3.2 — TCP/IP and DHCP Ethernet Setup 
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Follow the instructions in the following table on how to configure the DHCP fields. 



Table 3-3 LAN DHCP Setup Menu Fields 



FIELD 


DESCRIPTION 


EXAMPLE 


DHCP 


This field enables/disables the DHCP server. If it is set to Server, 
your Prestige will act as a DHCP server. If set to None, DHCP 
service will be disabled and you must have another DHCP sever 
on your LAN, or else the workstation must be manually configured. 
When DHCP is set to Server, the following four items need to be 
set. The Prestige can now also act as a surrogate DHCP server 
(Relay) where it relays IP address assignment from the actual real 
DHCP server to the clients. 


Server 

(default) 


Configuration: 

Client IP Pool Starting 
Address 


This field specifies the first of the contiguous addresses in the IP 
address pool. 


192.168.1.33 


Size of Client IP Pool 


This field specifies the size, or count, of the IP address pool. 


32 


Primary DNS Server 
Secondary DNS 
Server 


Enter the IP addresses of the DNS servers. The DNS servers are 
passed to the DHCP clients along with the IP address and the 
subnet mask. Leave these entries at 0.0.0.0 if they are provided by 
a WAN DHCP server. 




DHCP Server Address 


The Prestige acts as a surrogate DHCP server when you select 
Relay from the DHCP field. 

This field is N/A when the DHCP field is Server or None. 


N/A 



Follow the instructions in the following table on how to configure the TCP/IP parameters for the LAN port. 



Table 3-4 LAN TCP/IP Setup Menu Fields 



FIELD 


DESCRIPTION 


EXAMPLE 


TCP/IP Setup: 
IP Address 


Enter the IP address of your Prestige in dotted decimal notation 


192.168.1.1 
(default) 


IP Subnet Mask 


Your Prestige will automatically calculate the subnet mask based on 
the IP address that you assign. Unless you are implementing 
subnetting, use the subnet mask computed by the Prestige 


255.255.255.0 


RIP Direction 


Press the [SPACE BAR] to select the RIP direction. 
Options are Both, In Only, Out Only or None. 


Both 

(default) 
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FIELD 


DESCRIPTION 


EXAMPLE 


Version 


Press the [SPACE BAR] to select the RIP version. 
Options are RIP-1, RIP-2B or RIP-2M. 


RIP-1 

(default) 


Multicast 


IGMP (Internet Group Multicast Protocol) is a session-layer protocol 
used to establish membership in a Multicast group. The Prestige 
supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Press the 
[SPACE BAR] to enable IP Multicasting or select None (default) to 
disable it. 


None 


Edit IP Alias 


The Prestige supports three logical LAN interfaces via its single 
physical Ethernet interface with the Prestige itself as the gateway for 
each LAN network. Press the [SPACE BAR] to select Yes, then 
press [ENTER] to display menu 3.2.1 


Yes 


When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm...] to save 
your configuration, or press [ESC] at any time to cancel. 



3.2.1 IP Alias Setup 

Use menu 3.2 to configure the first network and move the cursor to the Edit IP Alias field and press 
[SPACE BAR] to choose Yes and press [ENTER] to configure the second and third network. 

Pressing [ENTER] opens Menu 3.2.1 — IP Alias Setup, as shown next. 



Menu 3.2.1 - IP Alias Setup 

IP Alias 1= No 

IP Address^ N/A 

IP Subnet Mask= N/A 

RIP Direction^ N/A 
Version= N/A 

Incoming protocol filters= N/A 

Outgoing protocol filters- N/A 
IP Alias 2= No 

IP Address^ N/A 

IP Subnet Mask= N/A 

RIP Direction^ N/A 
Version= N/A 

Incoming protocol filters- N/A 

Outgoing protocol filters= N/A 

Enter here to CONFIRM or ESC to CANCEL: 
Press Space Bar to Toggle. 



Figure 3-5 Menu 3.2.1 — IP Alias Setup 

Follow the instructions in the following table to configure IP Alias parameters. 
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Table 3-5 IP Alias Setup Menu Fields 



FIELD 


DESCRIPTION 


EXAMPLE 


IP Alias 


Choose Yes to configure the LAN network for the Prestige. 


Yes 


IP Address 


Enter the IP address of your Prestige in dotted decimal notation 


192.168.2.1 


IP Subnet Mask 


Your Prestige will automatically calculate the subnet mask based on 
the IP address that you assign. Unless you are implementing 
subnetting, use the subnet mask computed by the Prestige. 


255.255.255.0 


RIP Direction 


Press the [SPACE BAR] to select the RIP direction. 
Options are None, Both, In Only or Out Only. 


None 


Version 


Press the [SPACE BAR] to select the RIP version. 
Options are RIP-1, RIP-2B or RIP-2M. 


RIP-1 


Incoming 
Protocol Filters 


Enter the filter set(s) you wish to apply to the incoming traffic 
between this node and the Prestige. 




Outgoing 
Protocol Filters 


Enter the filter set(s) you wish to apply to the outgoing traffic between 
this node and the Prestige. 




When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm...] to save 
your configuration, or press [ESC] at any time to cancel. 



3.3 Internet Access Setup 

You will see three different menu 4 screens depending on whether you chose Ethernet, PPTP or PPPoE 
encapsulation. 

In the Encapsulation field in menu 4, choose: 

• Ethernet when the WAN port is used as a regular Ethernet. 

• PPTP or PPPoE if you have a dial-up connection to the Internet. 

3.3.1 Ethernet Encapsulation 

You must choose the Ethernet option when the WAN port is used as a regular Ethernet. If you choose 
Ethernet in menu 4 you will see the next screen. 
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Menu 4 - Internet Access Setup 

ISP's Name- ChangeMe 
Encapsulation- Ethernet 

Service Type- Standard 

My Login= N/A 

My Password- N/A 

Login Server IP= N/A 

IP Address Assignment- Dynamic 

IP Address- N/A 

IP Subnet Mask- N/A 

Gateway IP Address- N/A 
Network Address Translation - SUA Only 



Press ENTER to Confirm or ESC to Cancel: 



Figure 3-6 Internet Access Setup (Ethernet) 



The following table describes this screen. 



Table 3-6 Internet Access Setup Menu Fields 




ISP's Name 


Enter the name of your Internet Service Provider, for example, mylSP. This 
information is for identification purposes only. 


Encapsulation 


Press the [SPACE BAR] and the press [ENTER] to choose Ethernet. The 
encapsulation method influences your choices for IP Address. 


Service Type 


This is applicable only when you choose Ethernet as your encapsulation 
method. Press the [SPACE BAR] to select Standard, RR-Toshiba 
(RoadRunner Toshiba authentication method), RR-Manager (RoadRunner 
Manager authentication method) or RR-Telstra (RoadRunner Telstra 
authentication method). Choose a RoadRunner flavor if your ISP is Time 
Warner's RoadRunner; otherwise choose Standard. 


Note: xDSL users must choose the Standard option only. The Server IP, My Login IP and My 
Password" fields are not applicable in this case. 


My Login 


Enter the login name given to you by your ISP. 


My Password 


Enter the password associated with the login name above. 


Login Server IP 


The Prestige will find the RoadRunner Server IP if this field is left blank. If it 
does not, then you must enter the authentication server IP address. 


IP Address Assignment 


If your ISP did not assign you a fixed IP address, select Dynamic, otherwise 
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FIELD 


DESCRIPTION 




select Static and enter the IP address & subnet mask in the following fields. 


IP Address 


Enter the (fixed) IP address assigned to you by your ISP (Static IP Address 
Assignment is selected in the previous field). 


IP Subnet Mask 


Enter the subnet mask associated with your static IP. 


Gateway IP Address 


Enter the gateway IP address associated with your static IP. 


Network Address 
Translation 


Refer to the following chapter for a more detailed discussion on the Single 
User Account and NAT. Options are SUA only, Full Feature or None. 


Once you have finished configuring a rule in this menu, press [ENTER] at the message "Press ENTER to 
Confirm..." to save your configuration, or press [ESC] to cancel. 



3.3.2 PPTP Encapsulation 

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfer of data from a remote 
client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. 

PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the 
Internet. 

The P3 10 supports one PPTP server connection at any given time. 

3.3.3 Configure PPTP Client 

To configure a PPTP client, you must configure My Login and Password fields for PPP connection and 
PPTP parameters for PPTP connection. 

After configuring the User Name and Password for PPP connection, press [SPACE BAR] in the 
Encapsulation field in Menu 4 — Internet Access Setup to choose PPTP as your encapsulation option. 

If you choose PPTP in menu 4 you will see the next screen. 
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Menu 4 - Internet Ac ess s Setup 




ISP's Name- ChangeMe 




Encapsulation- PPTP 




Service Type- N/A 




My Login— username 




My Password- ****** 




Idle Timeout- 300 




IP Address Assignment- Dynamic 




IP Address- N/A 




IP Subnet Mask- N/A 




Gateway IP Address=N/A 




Network Address Translation - SUA Only 




Press ENTER to Confirm or ESC to Cancel: 







Figure 3-7 Internet Access Setup (PPTP) 



The following table contains instructions about the new fields when you choose PPTP in the Encapsulation 
field in menu 4. 



Table 3-7 New Fields in Menu 4 (PPTP) Screen 








Encapsulation 


Press the [SPACE BAR] and then press [ENTER] to choose 
PPTP. The encapsulation method influences your choices for 
IP Address. 


PPTP 


Idle Timeout 


This value specifies the time in seconds that elapses before 
the Prestige automatically disconnects from the PPTP server. 


300 
(default) 


Once you have finished configuring a rule in this menu, press [ENTER] at the message "Press 
ENTER to Confirm..." to save your configuration, or press [ESC] to cancel. 



3.3.4 PPPoE Encapsulation 

The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). You can use PPPoE encapsulation only 
when you're using the Prestige with an xDSL modem as the WAN device. 

PPPoE is an IETF Draft standard specifying how a host personal computer interacts with a broadband 
modem (i.e. xDSL, cable, wireless, etc.) to achieve access to high-speed data networks. It preserves the 
existing Microsoft Dial-Up Networking experience and requires no new learning or procedures. 

For the service provider, PPPoE offers an access and authentication method that works with existing access 
control systems (for example, Radius). For the user, PPPoE provides a login and authentication method that 
the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or 
procedures for Windows users. 
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One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function 
known as dynamic service selection. This enables the service provider to easily create and offer new IP 
services for specific users. 

Operationally, PPPoE saves significant effort for both the end user and ISP/carrier, as it requires no specific 
configuration of the broadband modem at the customer site. 

By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the 
LAN do not need PPPoE software installed, since the Prestige does that part of the task. Furthermore, with 
NAT, all of the LAN's computers will have access. 

If you enable PPPoE in menu 4, you will see the next screen. For more information on PPPoE, please refer to 
the PPPoE Appendix. 



Menu 4 - Internet Access Setup 

ISP's Name = ChangeMe 
Encapsulation- PPPoE 

Service Type- N/A 

My Login= 

My Password- ******** 
Idle Timeout = 300 

IP Address Assignment- Dynamic 

IP Address^ N/A 

IP Subnet Mask= N/A 

Gateway IP Address= N/A 
Network Address Translation = SUA Only 



Press ENTER to Confirm or ESC to Cancel: 



Figure 3-8 Internet Access (PPPoE) 



Table 3-8 New Fields in Menu 4 (PPPoE) Screen 



FIELD 


DESCRIPTION 


EXAMPLE 


Encapsulation 


Press the [SPACE BAR] and then press [ENTER] to choose 
PPPoE. The encapsulation method influences your choices for 
IP Address. 


PPPoE 


Idle Timeout 


This value specifies the time in seconds that elapses before the 
Prestige automatically disconnects from the PPPoE server. 


300 
(default) 
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3.4 Internet Test Setup 

After configuring the menu 4 fields when you press [ENTER] to confirm you will see the message, " Do you 
wish to perform the Internet Setup Test [y/n]:" if you have chosen PPTP or PPPoE as your encapsulation 
method. Enter "y" to test your setup. An example of Internet Setup Test is shown next. 



Start dialing for node <ChangeMe>. . . 
### Hit any key to continue. ### 

$$$ DIALING dev=a ch=0 

$$$ OUTGOING- CALL phone ( ) 

$$$ PPTP : Start tunnel setup, send SCCRQ 
$$$ PPTP: OCRQ sent 

$$$ CALL CONNECT speed<100 00 00 0> type<10> chan<0> 

$$$ LCP opened 

$$$ CHAP login to remote OK 

$$$ IPCP negotiation started 

$$$ CCP stopped 

$$$ BACP stopped 

$$$ IPCP neg 1 Primary DNS 2 02 . xxx . xxx . x 
$$$ IPCP opened 



Figure 3-9 Internet Setup Test Example 

3.5 Basic Setup Complete 

Well done! You have successfully connected, installed and set up your Prestige to operate on your network 
and access the Internet. 
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Part II: 



Advanced Applications 



This section describes the advanced applications of your Prestige, such as Remote Node Setup, IP 

Static Route Setup and NAT. 
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Chapter 4 
Remote Node Setup 



This chapter shows you how to configure a remote node. 



A remote node is required for placing calls to a remote gateway. A remote node represents both the remote 
gateway and the network behind it across a WAN connection. Note that when you use menu 4 to set up 
Internet access, you are actually configuring a remote node. We will show you how to configure the 
following menus: 

• Menu 11.1 — Remote Node Profile 

• Menu 11.3 — Remote Node Network Layer Options 

• Menu 11.5 — Remote Node Filter. 



From the main menu, enter 1 1 to display Menu 11.1 — Remote Node Profile. There are three variations of 
this menu depending on whether you choose Ethernet Encapsulation, PPTP or PPPoE Encapsulation. 

4.1.1 Ethernet Encapsulation 

Choose the Ethernet option when the WAN port is used as a regular Ethernet. The first menu 11.1 screen 
you see is for Ethernet Encapsulation shown next. 



4.1 Remote Node Profile 



Menu 11.1 - Remote Node Profile 



Rem Node Name= ChangeMe 
Active= Yes 



Route- IP 



Encapsulation^ Ethernet 
Service Type- Standard 
Service Name- N/A 
Outgoing : 



Edit IP- No 
Session Options: 

Edit Filter Sets- No 



My Login- N/A 
My Password- N/A 
Server IP- CHAP/PAP 



Press ENTER to Confirm or ESC to Cancel. 



Figure 4-1 Remote Node Profile for Ethernet Encapsulation 
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Table 4-1 Fields in Menu 11.1 (Ethernet Encapsulation) 



FIELD 


DESCRIPTION 


EXAMPLE 


Rem Node Name 


Enter a descriptive name for the remote node. This field can 
be up to eight characters. 


LAoffice 


Active 


Press [SPACE BAR] to select Yes (activate remote node) or 
No (deactivate remote node). 


Yes 


Encapsulation 


Ethernet is the default encapsulation. Press the [SPACE 
BAR] if you wish to change to PPPoE or PPTP 
encapsulation. 


Ethernet 


Service Type 


Press [SPACE BAR] to select from Standard, RR-Toshiba 
(RoadRunner Toshiba authentication method), RR-Manager 
(RoadRunner Manager authentication method) or, RR- 
Telstra (RoadRunner Telstra authentication method). 
Choose one of the RoadRunner methods if your ISP is Time 
Warner's RoadRunner; otherwise choose Standard. 


Standard 


Note: xDSL users must choose the Standard option only. The Server IP, My Login IP and My 
Password fields are not applicable in this case. 


Service Name 


This is valid only when you have chosen PPPoE 
encapsulation. If you are using PPPoE encapsulation, then 
type the name of your PPPoE service here. 


poellc 


Outgoing 






My Login 


This field is applicable for PPPoE encapsulation only. Enter 
the login name assigned by your ISP when the Prestige 
calls this remote node. Some ISPs append this field to the 
Service Name field above (for example, jim@poellc) to 
access the PPPoE server. 


jim 


My Password 


Enter the password assigned by your ISP when the Prestige 
calls this remote node. Valid for PPPoE encapsulation only. 


***** 


Server IP 


This field is valid for RoadRunner service type only. The 
Prestige will find the RoadRunner Server IP automatically if 
this field is left blank. If it does not, then you must enter the 
authentication server IP address here. 




Route 


This field refers to the protocol that will be routed by your 
Prestige - IP is the only option for the Prestige 10. 


IP 


Edit IP 


This field leads to a "hidden" menu. Press [SPACE BAR] to 
select Yes and press [ENTER] to go to Menu 11.3 — 
Remote Node Network Layer Options. 


Yes 



4-2 



Remote Node Setup 



Prestige 310 Broadband Sharing Gateway 



[-11 — 1 l—\ 

FIELD 


DESCRIPTION 


EXAMPLE 


Session Options 
Edit Filter sets 


This field leads to another "hidden" menu. Use the [SPACE 
BAR] to select Yes and press [ENTER] to open menu 1 1 .5 
to edit the filter sets. See the Remote Node Filter section for 
more details. 


Yes 


Once you have configured the Remote Node Profile Menu, press [ENTER] to return to menu 11. 
Press [ENTER] at the message "Press ENTER to Confirm..." to save your configuration, or press 
[ESC] at any time to cancel. 



4.2 PPTP Encapsulation 

If you change the Encapsulation to PPTP in menu 11.1, then you will see the next screen. See the PPTP 
Appendix for information. 



Rem Node Name- ChangeMe 
Active^ Yes 

Encapsulation^ PPTP 

Service Type- Standard 

Service Name-N/A 

Outgoing : 

My Login= 12 3 4 

My Password- ******** 

Authen= CHAP /PAP 

PPTP : 
IP Addr= 
Server IP Addr= 
Connection ID/Name- 



Menu 11.1 - Remote Node Profile 
Route= IP 



Edit IP= No 

Telco Option: 

Allocated Budget (min) = 0 

Period (hr) = 0 

Schedules^ 

Nailed-up Connections= 



Session Options: 
Edit Filter Sets= No 
Idle Timeout (sec) = 3 00 



Press ENTER to Confirm or ESC to Cancel: 
Press Space Bar to Toggle. 



Figure 4-2 Remote Node Profile for PPTP Encapsulation 

The next table shows how to configure the new fields in the Remote Node Profile menu. 

Table 4-2 Fields in Menu 11.1 (PPTP Encapsulation) 



FIELD 


DESCRIPTION 


EXAMPLE 


Encapsulation 


Press the [SPACE BAR] to choose PPTP. You must also go to 
menu 1 1 .3 to check the IP Address setting once you have 


PPTP 
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FIELD 


DESCRIPTION 


LX AM r Lb 




selected the encapsulation method. 




My IP Addr 


Enter the IP address of the WAN Ethernet port. 


10.0.0.140 


Server IP Addr 


Enter the IP address of the ANT modem. 


10.0.0.138 


Connection 
ID/Name 


Enter the connection ID or connection name in the ANT. It 
must follow the "c:id" and "n:name" format. 

This field is optional and depends on the requirements of your 
xDSL Modem. 


N:My ISP 


Schedules 


You can apply up to four schedule sets here. For more details 
please refer to the Call Schedule Scheduling chapter. 




Nailed-Up 
Connections 


Use the [SPACE BAR] to select Yes if you want to make the 
connection to this remote node a nailed-up connection. 


No 



Nailed-Up Connection 



A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The 
Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. 
The second is that the Prestige will try to bring up the connection at power-on and whenever the connection 
is down. A nailed-up connection can be very expensive for obvious reasons. 

Do not specify a nailed-up connection unless your telephone company offers flat- 
rate service or you need a constant connection and the cost is of no concern. 

4.2.1 PPPoE Encapsulation 

The Prestige supports PPPoE (Point- to -Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 
2516) specifying how a personal computer (PC) interacts with a broadband modem (i.e. xDSL, cable, 
wireless, etc.) connection. 

For the service provider, PPPoE offers an access and authentication method that works with existing access 
control systems (for example, Radius). For the user, PPPoE provides a login and authentication method that 
the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or 
procedures for Windows users. 

One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function 
known as dynamic service selection. This enables the service provider to easily create and offer new IP 
services for specific users. 

Operationally, PPPoE saves significant effort for both the end user and ISP/carrier, as it requires no specific 
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configuration of the broadband modem at the customer site. 

By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the 
LAN do not need PPPoE software installed, since the Prestige does that part of the task. Furthermore, with 
NAT, all of the LANs' computers will have access. 



Enable PPPoE in menu 1 1.1 by pressing the [SPACE BAR] to select PPPoE in the Encapsulation field. 



Rem Node Name= ChangeMe 
Active= Yes 

Encapsulation- PPPoE 
Service Type= Standard 
Service Name= 
Outgoing= 
My Login= 

My Password- ******** 
Authen- CHAP /PAP 



Menu 11.1 - Remote Node Profile 
Route- IP 



Edit IP- No 

Telco Option : 

Allocated Budget (min) - 0 
Period (hr) = 0 
Schedules- 
Nailed-up Connect ions= 

Session Options: 

Edit Filter Sets- No 
Idle Timeout (sec) - 100 



Press ENTER to Confirm or ESC to Cancel: 
Press Space Bar to Toggle. 



Figure 4-3 Menu 11.1 Remote Node Profile for PPPoE Encapsulation 

The next table describes the fields NOT already described in Table 4-1. 

Table 4-3 Table 4-3 Fields in Menu 11.1 (PPPoE Encapsulation Specific Only) 



FIELD 


DESCRIPTION 


EXAMPLE 


Authen 


This field sets the authentication protocol used for 
outgoing calls. 

Options for this field are: 

CHAP/PAP - Your Prestige will accept either CHAP or 
PAP when requested by this remote node. 

CHAP - accept CHAP only. 

PAP - accept PAP only. 


CHAP/PAP 
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FIELD 


DESCRIPTION 


EXAMPLE 


Telco Option 






Allocated Budget 
(min) 


The field sets a ceiling for outgoing call time for this 
remote node. The default for this field is 0 meaning no 
budget control. 


10 


Period(hr) 


This field is the time period that the budget should be 
reset. For example, if we are allowed to call this remote 
node for a maximum of 10 minutes every hour, then the 
Allocated Budget(min) is (10 minutes) and the 
Period(hr) is 1 (hour). 


1 


Schedules 


You can apply up to four schedule sets here. For more 
details please refer to the Call Scheduling chapter. 




Nailed-Up 
Connections 


This field specifies if you want to make the connection to 
this remote node a nailed-up connection. More details 
are given earlier in this section. 




Session Options 
Idle Timeout 


This value specifies the idle time (i.e., the length of time 
there is no traffic from the Prestige to the remote node) 
in seconds that can elapse before the Prestige 
automatically disconnects the PPPoE connection. This 
option only applies when the Prestiqe initiates the call. 


300 seconds 
(default) 









4.3 Editing TCP/IP Options (with Ethernet Encapsulation) 

Move the cursor to the Edit IP field in Menu 11.1, then press the [SPACE BAR] to set the value to Yes. 
Press [ENTER] to open Menu 11.3 — Network Layer Options. 
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Menu 11.3 - Remote Node Network Layer Options 

IP Address Assignment- Dynamic 

IP Address^ N/A 

IP Subnet Mask= N/A 

Gateway IP Addr= N/A 

Network Address Translation- SUA only 

Metrics N/A 

Private^ N/A 

RIP Direction- None 

Version- N/A 
Multicast- None 

Enter here to CONFIRM or ESC to CANCEL: 
Press Space Bar to Toggle. 



Figure 4-4 Remote Node Network Layer Options 

The next table gives you instructions about configuring remote node network layer options. 



Table 4-4 Remote Node Network Layer Options Menu Fields 



FIELD 


DESCRIPTION 


EXAMPLE 


IP Address 
Assignment 


If your ISP did not assign you an explicit IP address, select 
Dynamic; otherwise select Static and enter the IP address & subnet 
mask in the following fields. 


Dynamic 


IP Address 


If you have a static IP address, enter the IP address assigned to you 
by your ISP. 




IP Subnet 
Mask 


If you have a static IP assignment, enter the subnet mask assigned 
to you. 




Gateway IP 
Addr 


If you have a static IP assignment, enter the gateway IP address 
assigned to you. 




Network 
Address 
Translation 


Use the [SPACE BAR] to select either Full Feature, None or SUA 
Only. See the NAT chapter for a full discussion of this feature. 


SUA Only 


Metric 


This field is valid only for PPTP/PPPoE encapsulation. The metric 
represents the "cost" of transmission for routing purposes. IP routing 
uses hop count as the measurement of cost, with a minimum of 1 for 
directly connected networks. Enter a number that approximates the 
cost for this link. The number need not be precise, but it must be 
between 1 and 15. In practice, 2 or 3 is usually a good number. 


3 


Private 


This field is valid only for PPTP/PPPoE encapsulation. This 
parameter determines if the Prestige will include the route to this 


Yes 
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FIELD 


DESCRIPTION 


EXAMPLE 




remote node in its RIP broadcasts. If set to Yes, this route is kept 
private and not included in RIP broadcast. If No, the route to this 
remote node will be propagated to other hosts through RIP 
broadcasts. 




RIP 


Press the [SPACE BAR] to select the RIP direction from Both, 
None, In Only or Out Only. Please see the RIP Setup section for 
more information on RIP. The default for RIP on the WAN side is 
None. It is recommended that you do not change this setting. 


None 


Version 


Press the [SPACE BAR] to select the RIP version. Options are RIP- 
1, RIP-2B, RIP-2M or None. 


None 


Multicast 


IGMP (Internet Group Multicast Protocol) is a session-layer protocol 
used to establish membership in a Multicast group. The Prestige 
supports both IGMP version 1 (IGMP-v1) and version 2 (IGMP-v2). 
Press [SPACE BAR] to enable IP Multicasting or select None to 
disable it. See the previous Part for more information on this feature. 


IGMP-V2 


Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to 
menu 1 1 . Press [ENTER] at the message "Press ENTER to Confirm..." to save your configuration, 
or press [ESC] at any time to cancel. 



4.3.1 Editing TCP/IP Options (with PPTP Encapsulation) 

Make sure that Encapsulation is set to PPTP in menu 11.1. Move the cursor to the Edit IP field in menu 11.1 
and then press the [SPACE BAR] to select Yes. Press [ENTER] to open Menu 11.3 — Network Layer 
Options. 

Menu 11.3 - Remote Node Network Layer Options 

IP Address Assignment- Dynamic 
Rem IP Address^ N/A 
Rem Subnet Mask= N/A 
My WAN Addr= N/A 

Network Address Translation^ Yes 

Metric^ 1 

Private- No 

RIP Direction- None 

Version= N/A 
Multicast^ None 

Enter here to CONFIRM or ESC to CANCEL: 
Press Space Bar to Toggle. 



Figure 4-5 Remote Node Network Layer Options 
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The next table gives you instructions about configuring remote node network layer options. 



Table 4-5 Remote Node Network Layer Options Menu Fields 



FIELD 


DESCRIPTION 


EXAMPLE 


IP Address 
Assignment 


If your ISP did not assign you an explicit IP address, select Dynamic; 
otherwise select Static and enter the IP address & subnet mask in the 
following fields. 


Dynamic 


Rem IP Address 


If you have a Static IP Assignment, enter the IP address assigned to 
the remote node. 


192.168.1.1 


Rem IP Subnet 
Mask 


If you have a Static IP Assignment, enter the subnet mask assigned 
to the remote node. 


255.255.255.0 


My WAN Addr 


Some implementations, especially the UNIX derivatives, require the 
WAN link to have a separate IP network number from the LAN and 
each end must have a unique address within the WAN network 
number. If this is the case, enter the IP address assigned to the WAN 
port of your Prestige. 

Note that this is the address assigned to your local Prestige, not the 
remote router. 




Network 
Address 
Translation 


Use the [SPACE BAR] to select either Full Feature, None or SUA 
Only. See the NAT chapter for a full discussion on this feature. 


SUA Only 


Metric 


The metric represents the "cost'' of transmission for routing purposes. 
IP routing uses hop count as the measurement of cost, with a 
minimum of 1 for directly connected networks. Enter a number that 
approximates the cost for this link. The number need not be precise, 
but it must be between 1 and 15. In practice, 2 or 3 is usually a good 
number. 


1 to 15 


Private 


This parameter determines if the Prestige will include the route to this 
remote node in its RIP broadcasts. If set to Yes, this route is kept 
private and not included in RIP broadcast. If No, the route to this 
remote node will be propagated to other hosts through RIP 
broadcasts. 


Yes 


RIP 


Press the [SPACE BAR] to select the RIP direction. Options are: 
Both, None, In Only, Out Only or None. Please see the RIP Setup 

section for more information on RIP. The default for RIP on the 
WAN side is None. It is recommended that you do not change this 
setting. 


None 

(default) 
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FIELD 


DESCRIPTION 


EXAMPLE 


Version 


Press the [SPACE BAR] to select the RIP version. Options are RIP-1, 
RIP-2B or RIP-2M. 


RIP-1 


Multicast 


IGMP (Internet Group Multicast Protocol) is a session-layer protocol 
used to establish membership in a Multicast group. The Prestige 
supports both IGMP version 1 (IGMP-v1 ) and version 2 (IGMP-v2). 
Press the [SPACE BAR] to enable IP Multicasting or select None to 
disable it. See the previous Part for more information on this feature. 


None 


Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to menu 1 1 . 
Press [ENTER] at the message "Press ENTER to Confirm..." to save your configuration, or press [ESC] at 
any time to cancel. 



4.3.2 Editing TCP/IP Options (with PPPoE Encapsulation) 

Make sure Encapsulation is set to PPPoE in menu 11.1. Move the cursor to the Edit IP field in menu 11.1. 
The menu and filed are the same as described for PPTP encapsulation. 



4.4 Remote Node Filter 

Move the cursor to the field Edit Filter Sets in menu 11.1, then press the [SPACE BAR] to set the value to 
Yes. Press [ENTER] to open Menu 11.5 — Remote Node Filter. 

Use menu 1 1.5 to specify the filter set(s) to apply to the incoming and outgoing traffic between this remote 
node and the Prestige to prevent certain packets from triggering calls. You can specify up to 4 filter sets 
separated by commas, for example, 1, 5, 9, 12, in each filter field. Note that spaces are accepted in this field. 
For more information on defining the filters, please refer to the Filters chapter. For PPPoE or PPTP 
encapsulation, you can also specify remote node call filter sets. 



Menu 11.5 - Remote Node Filter 

Input Filter Sets: 
protocol filters^ 5 
device filters^ 
Output Filter Sets: 
protocol filters^ 1 
device filters^ 

Enter here to CONFIRM or ESC to CANCEL : 



Figure 4-6 Remote Node Filter (Ethernet Encapsulation) 
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Menu 11.5 - Remote Node Filter 

Input Filter Sets: 
protocol filters- 5 
device filters- 
Output Filter Sets : 
protocol filters- 1 
device filters- 
Enter here to CONFIRM or ESC to CANCEL : 



Figure 4-7 Remote Node Filter (PPTP/PPPoE Encapsulation) 



4.5 Traffic Redirect 

Traffic redirect forwards WAN traffic to a backup gateway on the LAN when the Prestige cannot connect to 
the Internet, thus acting as an auxiliary backup when your regular WAN connection fails. 





Figure 4-8 Traffic Redirect Hardware Setup 

To configure the parameters for traffic redirect, enter 1 1 from the main menu to display Menu 11.1- 
Remote Node Profile as shown next. 
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Menu 11.1 - Remote Node Profile 

Rem Node Name= ? Route= IP 

Active= Yes 

Encapsulation^ Ethernet 
Service Type= Standard 
Service Name= N/A 
Outgoing: 

My Login= N/A 

My Password^ N/A 

Server IP- N/A 

Press ENTER to Confirm or ESC to Cancel. 

Figure 4-9 Menu 11.1 — Remote Node Profile 

To configure traffic redirect properties, press [SPACE BAR] to select Yes in the Edit Traffic Redirect field 
and then press [ENTER]. 



Table 4-6 Menu 11.1 — Remote Node Profile (Traffic Redirect Field) 



FIELD 


DESCRIPTION 


EXAMPLE 


Edit Traffic 
Redirect 


Press [SPACE BAR] to select Yes or No. 

Select No (default) if you do not want to configure this feature. 

Select Yes and press [ENTER] to configure Menu 11.6 — Traffic 
Redirect Setup. 


Yes 


Press [ENTER] at the message "Press ENTER to Confirm..." to save your configuration, or press [ESC] 
at any time to cancel. 



4.5.1 Traffic Redirect Setup 

Configure parameters that determine when the Prestige will forward WAN traffic to the backup gateway 
using Menu 11.6 — Traffic Redirect Setup. 



Edit IP= No 
Session Options: 
Edit foT c-n- uq 



Edit Traffic Redirects Yes 
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Menu 11.6 - Traffic Redirect Setup 



Active = Yes 
Configuration : 

Backup Gateway IP Address = 0.0.0.0 

Check WAN IP Address = 0.0.0.0 

Fail Tolerance = 5 

Check Connection Every: 

Timeout = 10 

Press ENTER to Confirm or ESC to Cancel: 
Press Space Bar to Toggle. 



Figure 4-1 0 Menu 1 1 .6 — Traffic Redirect Setup 



Table 4-7 Traffic Redirect Setup 



FIELD 


DESCRIPTION 


EXAMPLE 


Active 


Press [SPACE BAR] and select Yes (to enable) or No (to disable) 
traffic redirect setup. The default is No. 

When the Active field is Yes, you must configure every field in this 
screen unless you are using PPPoE or PPTP encapsulation (except 
Check WAN IP Address and Timeout). 

If \/ni i Hftn't f^rtnfim i re* thesces fi&IHc anrl am ■ icinn PPTP ftr PPPrtF 
ii yuu uui i i \j\Ji i iiljui c li icoc iiciuo ctiiu die ubi i ly ~~ i ~ ui rrrur_ 

encapsulation, then the Prestige checks the PPPoE channel or PPTP 
tunnel to determine if the WAN connection is down. 


Yes 


Configuration: 

Backup Gateway 
IP Address 


Enter the IP address of your backup gateway in dotted decimal 
notation. 

The Prestige automatically forwards traffic to this IP address if the 
Prestige's Internet connection terminates. 


0.0.0.0 


Check WAN IP 
Address 


Configuration of this field is optional. If you do not enter an IP address 
here, the Prestige will use the default gateway IP address. 

Configure this field to test your Prestige's WAN accessibility. Enter the 
IP address of a reliable nearby computer (for example, your ISP's DNS 
server address). 

If you are using PPTP or PPPoE Encapsulation, enter "0.0.0.0" to 
configure the Prestige to check the PVC (Permanent Virtual Circuit) or 
PPTP tunnel. 


0.0.0.0 


Fail Tolerance 


Enter the number of times your Prestige may attempt and fail to 
connect to the Internet before traffic is forwarded to the backup 


5 
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FIELD 


DESCRIPTION 


EXAMPLE 




gateway. 




Check Connection 
Every 


Enter how often (in seconds) the Prestige will check the Internet 
connection. Allow more time if your destination IP address handles 
lots of traffic. 


3 


Timeout 


Enter the amount of time (in seconds) that your Prestige will wait for a 
ping response from the IP Address in the Check WAN IP Address 
field before it times out. 

The WAN connection is considered "down" after the Prestige times out 
the number of times specified in the Fail Tolerance field. 

If your network is busy or congested, you should increase the value in 
this field. 


10 


When you have completed this menu, press [ENTER] at the prompt "Press [ENTER] to confirm or [ESC] to 
cancel" to save your configuration or press [ESC] to cancel and go back to the previous screen. 
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Chapter 5 
IP Static Route Setup 

This chapter shows you how to configure static routes with your Prestige. 

Static routes tell the Prestige routing information that it cannot learn automatically through other means. This 
can arise in cases where RIP is disabled on the LAN. 

Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has 
no knowledge of the networks beyond. For instance, the Prestige knows about network N2 in the following 
diagram through remote node router 1. However, the Prestige is unable to route a packet to network N3 
because it doesn't know that there is a route through the same remote node Router 1 (via gateway Router 2). 
The static routes are for you to tell the Prestige about the networks beyond the remote nodes. 



Nl N2 N3 




Figure 5-1 Example of Static Routing Topology 
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5.1 IP Static Route Setup 

You configure IP static routes in menu 12. 1, by selecting one of the IP static routes as shown below. Enter 
12 from the main menu. 



Menu 12 - IP Static Route Setup 

1 . 

2 . 

3 . 

4 . 

5 . 

6 . 

7 . 

8 . 



Enter selection number: 



Figure 5-2 Menu 12 — IP Static Route Setup 

Now, enter the index number of one of the static routes you want to configure. 





Menu 12.1 - Edit IP Static Route 




Route # : 1 




Route Name- ? 




Active- No 




Destination IP Address^ ? 




IP Subnet Mask= ? 




Gateway IP Address= ? 




Metric= 2 




Private= No 




Press ENTER to CONFIRM or ESC to CANCEL : 



Figure 5-3 Menu 12. 1 — Edit IP Static Route 



The following table describes fields in Menu 12.1 — Edit IP Static Route Menu. 
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Table 5-1 IP Static Route Menu Fields 



FIELD 


DESCRIPTION 


Route # 


This is the index number of the static route that you chose in menu 1 2. 


Route Name 


Enter a descriptive name for this route. This is for identification purposes only. 


Active 


This field allows you to activate/deactivate this static route. 


Destination IP 
Address 


This parameter specifies the IP network address of the final destination. Routing is 
always based on network number. If you need to specify a route to a single host, use 
a subnet mask of 255.255.255.255 in the subnet mask field to force the network 
number to be identical to the host ID. 


IP Subnet Mask 


Enter the IP subnet mask for this destination. 


Gateway IP 
Address 


Enter the IP address of the gateway. The gateway is an immediate neighbor of your 
Prestige that will forward the packet to the destination. On the LAN, the gateway must 
be a router on the same segment as your Prestige; over the WAN, the gateway must 
be the IP address of one of the Remote Nodes. 


Metric 


Metric represents the "cost" of transmission for routing purposes. IP routing uses hop 
count as the measurement of cost, with a minimum of 1 for directly connected 
networks. Enter a number that approximates the cost for this link. The number need 
not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good 
number. 


Private 


This parameter determines if the Prestige will include the route to this remote node in 
its RIP broadcasts. If set to Yes, this route is kept private and not included in RIP 
broadcast. If No, the route to this remote node will be propagated to other hosts 
through RIP broadcasts. 


Once you have completed filling in this menu, press [ENTER] at the message "Press ENTER to 
Confirm..." to save your configuration, or press [ESC] to cancel. 
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Chapter 6 

Network Address Translation (NAT) 

This chapter discusses how to configure NAT on the Prestige. 

6.1 Introduction 

NAT (Network Address Translation - NAT, RFC 163 1) is the translation of the IP address of a host in a 
packet, for example, the source address of an outgoing packet, used within one network to a different IP 
address known within another network. 

6.1.1 NAT Definitions 

Inside/outside denotes where a host is located relative to the Prestige, for example, the workstations of your 
subscribers are the inside hosts, while the web servers on the Internet are the outside hosts. 

Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the 
local address refers to the IP address of a host when the packet is in the local network, while the global 
address refers to the IP address of the host when the same packet is travelling in the WAN side. 

Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host 
used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the 
packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside 
host when the packet is on the WAN side. The following table summarizes this information. 



Table 6-1 NAT Definitions 



TERM 




Inside 


This refers to the host on the LAN. 


Outside 


This refers to the host on the WAN. 


Local 


This refers to the packet address (source or destination) as the packet travels on the LAN. 


Global 


This refers to the packet address (source or destination) as the packet travels on the 
WAN. 
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NAT never changes the IP address (either local or global) of an outside host. 



6.1.2 What NAT Does 

In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside 
local address) to another (the inside global address) before forwarding the packet to the WAN side. When 
the response comes back, NAT translates the destination address (the inside global address) back the inside 
local address before forwarding it to the original inside host. Note that the IP address (either local or global) 
of an outside host is never changed. 

The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In 
addition, you can designate servers, for example, a web server and a telnet server, on your local network and 
make them accessible to the outside world. If you do not define any servers (for Many-to-One and Many-to- 
Many Overload mapping - see Table 6-2), NAT offers the additional benefit of firewall protection. If no 
server is defined in these cases, all incoming inquiries will be filtered out by your Prestige, thus preventing 
intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The 
IP Network Address Translator (NAT). 

6.1.3 How NAT Works 

Each packet has two addresses - a source address and a destination address. For outgoing packets, the ILA 
(Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source 
address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is 
the destination address on the WAN. NAT maps private (local) IP addresses to globally unique ones required 
for communication with hosts on other networks. It replaces the original IP source address (and TCP or UDP 
source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then 
forwards it to the Internet. The Prestige keeps track of the original addresses and port numbers so incoming 
reply packets can have their original values restored. The following figure illustrates this. 
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NAT Table 



LAN 



IP Address = 
192.16ai.13 



IP Address = 
192.168.1.12 



IP Address = 
192.168.1.11 




IP Address = 
192.16at10 



Inside Local 
IP Address 
192.168.1.10 
192.168.1.11 
192.168.1.12 
192.168.1.13 



Inside Local 
Addresses (I LA) 



Inside Global 

IP Address 

IGA1 

IGA2 

IGA3 

IGA4 



WAN 




Inside Global 
Addresses (IGA) 



Figure 6-1 How NAT Works 



6.1.4 NAT Application 

The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP 
Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the 
end of this chapter. 
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Server in 
Admh Network 
=IP1 (IGA 1) 



Corporation B 



-~" LAN1: 192.168.1.X 



Corporation A 



Network Server 
"Admin" =192.168.1.1 



Server in 
Sales Network 
=IP2 (IGA 2) 



*1 




PC 2 LAN2: 192.168.2.X 
Network Server 
"Sales" = 192.168.2.1 



Server in 
R&D Network 
= IP3 (IGA 3) 



WAN Add res 

IGA 1 

IGA 2 

IGA 3 



iffSiffjifi 



LAN3: 192.168.3.X 
* Network Server 
^ 'R&D"= 192.168.3.1 



LAN Addresses:(Defajlt IPs) 
-» 192168.1.1 
-i 192168.2.1 

192168.3.1 



Figure 6-2 NAT Application With IP Alias 



6.1.5 NAT Mapping Types 

NAT supports five types of IP/port mapping. They are: 

1. One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. 

2. Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP 
address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account 
feature that previous ZyXEL routers supported (the SUA Only option in today's routers). 

3. Many to Many Overload: In Many- to -Many Overload mode, the Prestige maps the multiple local IP 
addresses to shared global IP addresses. 

4. Many One to Onei In Many-One-to-One mode, the Prestige maps the each local IP addresses to unique 
global IP addresses. 
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5. Server: This type allows you to specify inside servers of different services behind the NAT to be 
accessible to the outside world. 



Port numbers do not change for One-to-One and Many-One-to-One NAT mapping 



The following table summarizes these types. 

Table 6-2 NAT Mapping Types 



TYPE 


IP MAPPING 


SMT ABBREVIATION 


One-to-One 


ILA1<--> IGA1 


1:1 


Many-to-One (SUA/PAT) 


ILA1<--> IGA1 
ILA2^ IGA1 


M:1 


Many-to-Many Overload 


ILA1<--> IGA1 
ILA2^ IGA2 
ILA3^ IGA1 
ILA4^ IGA2 


M:M Ov 


Many-One-to-One 


ILA1<--> IGA1 
ILA2^ IGA2 
ILA3^ IGA3 


M:1:1 


Server 


Server 1 IP<~» IGA1 
Server 2 IP^ IGA1 
Server 3 IP^ IGA1 


Server 



6.2 Using NAT 

6.2.1 SUA (Single User Account) Versus NAT 

SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of 
mapping, Many-to-One and Server. See section 6.3.1 for a detailed description of the NAT set for SUA. 
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The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN 
IP addresses of clients or servers using mapping types as outlined in Table 6-2. 

1 . Choose SUA Only if you have just one public WAN IP address for your Prestige. 
2. Choose Full Feature if you have multiple public WAN IP addresses for your 



6.2.2 Applying NAT 

You apply NAT via menus 4 or 1 1.3 as displayed next. The next figure shows you how to apply NAT for 
Internet access in menu 4. Enter 4 from the main menu to go to Menu 4 — Internet Access Setup. 



Menu 4 - Internet Access Setup 

ISP's Name- ChangeMe 
Encapsulation- Ethernet 

Service Type- Standard 

My Login= N/A 

My Password^ N/A 

Login Server IP= N/A 

IP Address Assignment- Dynamic 

IP Address^ N/A 

IP Subnet Mask= N/A 

Gateiiay TP '.drh-rrn — H/ft _ 

Network Address Translation- SUA Only 



Press ENTER to Confirm or ESC to Cancel: 



Figure 6-3 Menu 4 — Applying NAT for Internet Access 

The following figure shows how you apply NAT to the remote node in menu 11.1. 
Step 1 . Enter 1 1 from the main menu. 

Step 2. Move the cursor to the Edit IP field, press [SPACE BAR] to select Yes and then press [ENTER] 
to bring up Menu 11.3 — Remote Node Network Layer Options. 
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Menu 11.3 - Remote Node Network Layer Options 

IP Address Assignment- Dynamic 

IP Address^ N/A 

IP Subnet Mask= N/A 

Gatewa y TP Addr= m/a 

Network Address Translation^ SUA Only J) 

Private= N/A 

RIP Direction- None 

Version= N/A 
Multicast^ None 



Enter here to CONFIRM or ESC to CANCEL: 
Press Space Bar to Toggle. 



Figure 6-4 Menu 11.3 — Applying NAT to the Remote Node 

The following table describes the options for Network Address Translation. 



Table 6-3 Applying NAT in Menus 4 and 11.3 









Network 
Address 
Translation 


Full 

Feature 


When you select this option the SMT will use Address Mapping Set 1 
(menu 15.1 - see section 6.3.1 for further discussion). You can configure 
any of the mapping types described in Table 6-2. Choose Full Feature if 
you have multiple public WAN IP addresses for your Prestige. 




None 


NAT is disabled when you select this option. 




SUA Only 


When you select this option the SMT will use Address Mapping Set 255 
(menu 15.1 - see section 6.3.1). Choose SUA Only if you have just one 
public WAN IP address for your Prestige. 



6.3 NAT Setup 

Use the Address Mapping Sets menus and submenus to create the mapping table used to assign global 
addresses to computers on the LAN. You can see two NAT Address Mapping sets in menu 15.1. You can 
only configure Set 1. Set 255 is used for SUA. When you select Full Feature in menu 4 or 11.3, the SMT 
will use Set 1, which supports all mapping types as outlined in Table 6-2. When you select SUA Only, the 
SMT will use the pre-configured Set 255 (read only). 
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A server set is a list of LAN side servers mapped to external ports. To use this set (one set for the Prestige 
50), a server rule must be set up inside the NAT Address Mapping set. Please see section 6.4 for further 
information on these menus. To configure NAT, enter 15 from the main menu to bring up the following 
screen. 



1 . 

2 . 



Address Mapping Sets 
Server Set 



Enter Menu Selection Number: 



Menu 15 — NAT Setup 




Figure 6-5 Menu 15 — NAT Setup 



6.3.1 Address Mapping Sets 



Enter 1 to bring up Menu 15.1 — Address Mapping Sets. 



Menu 15.1— Address Mapping Sets 



1 . NAT_SET 
255. SUA (read only) 



Enter Menu Selection Number: 



Figure 6-6 Menu 15.1 — Address Mapping Sets 



SUA Address Mapping Set 

Enter 255 to display the next screen. The fields in this menu cannot be changed. 
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Menu 15.1.255 - Address Mapping Rules 

Set Name = SUA 

Idx Local Start IP Local End IP Global Start IP Global End IP Type 



1. 0.0.0.0 255.255.255.255 0.0.0.0 M-l 

2 . 0.0.0.0 Server 

3 . 

4 . 

5 . 

6 . 

7 . 

8 . 

9 . 
10 . 



Press ENTER to Confirm or ESC to Cancel: 



Figure 6-7 Menu 15.1.255 - SUA Address Mapping Rules 



The fields in Menu 15.1.255 are read-only. 



Table 6-4 SUA Address Mapping Rules 



FIELD 


DESCRIPTION 


EXAMPLE 


Set Name 


This is the name of the set you selected in menu 15.1 or 
enter the name of a new set you want to create. 


SUA 


Idx 


This is the index or rule number. 


1 


Local Start IP 
Local End IP 


Local Start IP is the starting local IP address (ILA). 

Local End IP is the ending local IP address (ILA). If the 
rule is for all local IPs, then the Start IP is 0.0.0.0 and the 
End IP is 255.255.255.255. 


0.0.0.0 
255.255.255.255 


Global Start IP 


This is the starting global IP address (IGA). If you have a 
dynamic IP, enter 0.0.0.0 as the Global Start IP. 


0.0.0.0 


Global End IP 


This is the ending global IP address (IGA). 


N/A 


Type 


These are the mapping types discussed above (see 
Table 6-2). Server allows us to specify multiple servers 
of different types behind NAT to this machine. See later 
for some examples. 


Server 


Once you have finished configuring a rule in this menu, press [ENTER] at the message "Press ENTER to 
Confirm..." to save your configuration, or press [ESC] to cancel. 
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User-Defined Address Mapping Sets 

Now let's look at option 1 in menu 15.1. Enter 1 to bring up this menu. We'll just look at the differences 
from the previous menu. Note the extra Action and Select Rule fields mean you can configure rules in this 
screen. Note also that the [?] in the Set Name field means that this is a required field and you must enter a 
name for the set. If the Set Name field is left blank, the entire set will be deleted. 



Menu 15.1.1 - Address Mapping Rules 

Set Name= NAT_SET 

Idx Local Start IP Local End IP Global Start IP Global End IP Type 

1 . 
2 

3 . 

4 . 

5 . 

6 . 

7 . 

8 . 

9 . 
10 . 

Actions Edit Select Rule=N/A 

Press ENTER to Confirm or ESC to Cancel: 



Figure 6-8 Menu 15.1.1 — First Set 



The Type, Local and Global Start/End IPs are configured in menu 15.1.1.1 
(described later) and the values are displayed here. 

Ordering Your Rules 

Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a 
rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are 
ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up 
by that number of empty rules. For example, if you have already configured rules 1 to 6 in your current set 
and now you configure rule number 9. In the set summary screen, the new rule will be rule 7, not 9. 

Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so as old rule 5 becomes rule 4, old rule 6 
becomes rule 5 and old rule 7 becomes rule 6. 
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Table 6-5 Fields in Menu 15.1.1 



FIELD 


DESCRIPTION 


EXAMPLE 


Set Name 


Enter a name for this set of rules. This is a required field. If this 
field is left blank, the entire set will be deleted. 


NAT_SET 


Action 


The default is Edit. Edit means you want to edit a selected rule 
(see following field). Insert Before means to insert a rule before 
the rule selected. The rules after the selected rule will then be 
moved down by one rule. Delete means to delete the selected rule 
and then all the rules after the selected one will be advanced one 
rule. None disables the Select Rule item. 


Edit 


Select Rule 


When you choose Edit, Insert Before or Delete in the previous 
field the cursor jumps to this field to allow you to select the rule to 
apply the action in question. 


1 



You must press [ENTER] at the bottom of the screen to save the whole set. You 
must do this again if you make any changes to the set - including deleting a rule. 
No changes to the set take place until this action is taken. 

Selecting Edit in the Action field and then selecting a rule brings up the following menu, Menu 15.1.1.1 — 
Address Mapping Rule in which you can edit an individual rule and configure the Type, Local and Global 
Start/End IPs. 



An End IP address must be numerically greater than its corresponding IP Start 

address. 



Menu 15.1.1.1 Address Mapping Rule 

Type= One-to-One 

Local IP: 
Start= 

End = N/A 

Global IP: 
Start= 
End = N/A 

Press ENTER to Confirm or ESC to Cancel: 



Press Space Bar to Toggle. 



Figure 6-9 Menu 15.1.1.1 — Editing/Configuring an Individual Rule in a Set 
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Table 6-6 Menu 15.1.1.1 — Editing/Configuring an Individual Rule in a Set 



FIELD 


DESCRIPTION 


EXAMPLE 


Type 


Press [SPACE BAR] to toggle through a total of five types. These 
are the mapping types discussed in Table 6-2. Server allows you to 
specify multiple servers of different types behind NAT to this 
computer. See section 6.5.3 for an example. 


One-to-One 


Local IP 

Start 
End 


Only local IP fields are N/A for server; Global IP fields MUST be set 
for Server. 

This is the starting local IP address (ILA). 

This is the ending local IP address (ILA). If the rule is for all local IPs, 
then put the Start IP as 0.0.0.0 and the End IP as 255.255.255.255. 
This field is N/A for One-to-One and Server types. 


0.0.0.0 

N/A 


Global IP 

Start 

End 


This is the starting global IP address (IGA). If you have a dynamic 
IP, enter 0.0.0.0 as the Global IP Start. Note that Global IP Start 
can be set to 0.0.0.0 only if the types are Many-to-One or Server. 

This is the ending global IP address (IGA). This field is N/A for One- 
to-One, Many-to-One and Server types. 


0.0.0.0 
N/A 


Once you have finished configuring a rule in this menu, press [ENTER] at the message "Press ENTER to 
Confirm..." to save your configuration, or press [ESC] to cancel. 



6.4 NAT Server Sets - Port Forwarding 

A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can 
make visible to the outside world even though NAT makes your whole inside network appear as a single 
machine to the outside world. 

Use Menu 15 — NAT Setup to forward incoming service requests to the server(s) on your local network. 
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of 
the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on 
port 21. In some cases, such as for unknown services or where one server can support more than one service 
(for example both FTP and web service), it might be better to specify a range of port numbers. Entry 12 (port 
1026) is non-editable (see Figure 6-10). 

In addition to the servers for specified services, NAT supports a default server. A service request that does 
not have a server explicitly designated for it is forwarded to the default server. If the default is not defined, 
the service request is simply discarded. 
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Many residential broadband ISP accounts do not allow you to run any server 
processes (such as a Web or FTP server) from your location. Your ISP may 
periodically check for servers and may suspend your account if it discovers any 



The most often used port numbers are shown in the following table. Please refer to RFC 1 700 for further 
information about port numbers. Please also refer to the included disk for more examples and details on 
NAT. 



Table 6-7 Services & Port Numbers 





FCHO 


7 


FTP (File Transfer Protocol) 


21 


Telnet 


23 


SMTP (Simple Mail Transfer Protocol) 


25 


DNS (Domain Name System) 


53 


Finger 


79 


HTTP (Hyper Text Transfer protocol or WWW, Web) 


80 


POP3 (Post Office Protocol) 


110 


NNTP (Network News Transport Protocol) 


119 


SNMP (Simple Network Management Protocol) 


161 


SNMP trap 


162 


PPTP (Point-to-Point Tunneling Protocol) 


1723 



6.4.1 Configuring a Server behind NAT 

Follow these steps to configure a server behind NAT: 

Step 1 . Enter 15 in the main menu to go to Menu 15 — NAT Setup. 

Step 2. Enter 2 to go to Menu 15.2 — NAT Server Setup. 

Step 3. Enter a port number in an unused Start Port No field. To forward only one port, enter it again in 
the End Port No field. To specify a range of ports, enter the last port to be forwarded in the End 
Port No field. 

Step 4. Enter the inside IP address of the server in the IP Address field. In the following figure, you have 
a computer acting as an FTP, Telnet and SMTP server (ports 21, 23 and 25) at 192.168.1.33. 
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Step 5. Press [ENTER] at the "Press ENTER to confirm ..." prompt to save your configuration after you 
define all the servers or press [ESC] at any time to cancel. 



Menu 15.2 - NAT Server Setup 



Rule 


Start Port 


No . End Port No . 


IP Address 


1 . 


Default 


Default 


0.0.0.0 


2 . 


21 


25 


192 .168.1.33 


3. 


0 


0 


0.0.0.0 


4 . 


0 


0 


0.0.0.0 


5. 


0 


0 


0.0.0.0 


6. 


0 


0 


0.0.0.0 


7 . 


0 


0 


0.0.0.0 


8 . 


0 


0 


0.0.0.0 


9. 


0 


0 


0.0.0.0 


10 . 


0 


0 


0.0.0.0 


11. 


0 


0 


0.0.0.0 


12 . 


1026 


1026 


RR Reserved 




Press ENTER 


to Confirm or ESC to 


Cancel : 



Figure 6-10 Menu 15.2 — NAT Server Setup 

The NAT network appears as 
a single host on the Internet 



FTP/Tel net/SMTP server 
IP address : 
192.168.1.33 



J* 
O 



0 
0) 



0 >, Computer 
</) _Q IP address = 
JJJ "D 192.168.1.34 

^ 0 



> ro If) 

□lOz is 



Computer 
IP address = 
192.16ai.35 




I- 192.168.1.1 

Prestige 



Computer 
IP address = 
192.16&1.36 




IP address assigned 
by ISP 



Figure 6-11 Multiple Servers Behind NAT Example 
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6.5 General NAT Examples 



6.5.1 Example 1 : Internet Access Only 

In the following Internet access example, you only need one rule where all your ILAs (Inside Local 
addresses) map to one dynamic IGA (Inside Global Address) assigned by your ISP. 



PC 2 




PC 3 



PC 4 



One Dynamic 
Inside Global 
Addresses (IGA) 
Assigned by ISP 



Figure 6-12 NAT Example 1 



Menu 4 - Internet Access Setup 

ISP's Name- ChangeMe 
Encapsulation- Ethernet 
Service Type= Standard 

My Login- N/A 

My Password- N/A 

Login Server IP- N/A 

IP Address Assignment- Dynamic 
IP Address- N/A 

_ tp S u bnet Maate- N /7 \ 

Gat eway IP Address- N/A 
Network Address Translation- sua uniy 



Press ENTER to Confirm or ESC to Cancel: 




Figure 6-13 Menu 4 — Internet Access and NAT Example 
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From menu 4 shown above, simply choose the SUA Only option from the Network Address Translation 
field. This is the Many-to-One mapping discussed in section 6.5. The SUA Only read-only option from the 
Network Address Translation field in menus 4 and 1 1.3 is specifically pre-configured to handle this case. 



6.5.2 Example 2: Internet Access with an Inside Server 




Inside Server 
IP = 192.168.1.10 

Figure 6-14 NAT Example 2 

In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 
15.2 to specify the Inside Server behind the NAT as shown in the next figure. 
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Menu 15.2 - NAT Server Setup 



Rule Start Bact Eto 



End Port No 



TP Sr|H-roQg 



2 . 

3 . 

4 . 
5. 

6 . 

7 . 



10 . 
11 . 
12 . 



Default 
0 
0 
0 
0 
0 
0 
0 



Default 



0.0.0.0 
0.0.0.0 
0.0.0.0 
RR Reserved 



Press ENTER to Confirm or ESC to Cancel: 




Figure 6-15 Menu 15.2 — Specifying an Inside Server 



6.5.3 Example 3: Multiple Public IP Addresses With Inside Servers 

In this example, there are 3 IGAs from our ISP. There are many departments but two have their own FTP 
server. All departments share the same router. The example will reserve one IGA for each department with 
an FTP server and all departments use the other IGA. Map the FTP servers to the first two IGAs and the 
other LAN traffic to the remaining IGA. Map the third IGA to an inside web server and mail server. Four 
rules need to be configured, two bi-directional and two uni-directional as follows. 

Rule 1 . Map the first IGA to the first inside FTP server for FTP traffic in both directions (1 : 1 mapping, 
giving both local and global IP addresses). 

Rule 2. Map the second IGA to our second inside FTP server for FTP traffic in both directions (1 : 1 
mapping, giving both local and global IP addresses). 

Rule 3. Map the other outgoing LAN traffic to IGA3 (Many : 1 mapping). 

Rule 4. You also map your third IGA to the web server and mail server on the LAN. Type Server allows 
you to specify multiple servers, of different types, to other computers behind NAT on the LAN. 

The example situation looks somewhat like this: 
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Other 
Computers 
on the LAN 




Mapping Rules 

1. FTP1 < — >IGA1 Type 1:1 

2. FTP2< — >IGA2Type1:1 

3. Other LAN traffic ->IGA 3, Type M-1(Outgoing Traffic) 
4. IGA 3 — — >lnternal web server and mail server (Incoming Traffic) 



Prestige 



0 0 0 0 0 0 0 0 



Mail 
Server 
192.168.1.20 



r 



3 IGAs 

10.132.50.1 =IGA1 

10.132.50.2 = IGA 2 

10.132.50.3 = IGA 3 




FTP Server 1 
192.168.1.10 



FTP Server 2 
192.168.1.11 



Figure 6-16 NAT Example 3 



Step 1 . In this case you need to configure Address Mapping Set 1 from Menu 15.1 — Address Mapping 
Sets. Therefore you must choose the Full Feature option from the Network Address 
Translation field (in menu 4 or menu 11.3) in Figure 6-17. 

Step 2. Then enter 15 from the main menu. 

Step 3. Enter 1 to configure the Address Mapping Sets. 

Step 4. Enter 1 to begin configuring this new set. Enter a Set Name, choose the Edit Action and then 
enter 1 for the Select Rule field. Press [ENTER] to confirm. 

Step 5. Select Type as One-to-One (direct mapping for packets going both ways), and enter the local 

Start IP as 192.168.1.10 (the IP address of FTP Server 1), the global Start IP as 10.132.50.1 (our 
first IGA). (See Figure 6-18). 

Step 6. Repeat the previous step for rules 2 to 4 as outlined above. 

Step 7. When finished, menu 15.1.1 should look like as shown in Figure 6-19. 
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Menu 11.3 - Remote Node Network Layer Options 

IP Address Assignment- Dynamic 

IP Address^ N/A 

IP Subnet Mask= N/A 

Gateway IP Addr= N/A 



Network Address Translation^ 
~Met±±c= W/A 



Private^ N/A 

RIP Direction- None 

Version- N/A 



Enter here to CONFIRM or ESC to CANCEL : 



Figure 6-17 Example 3: Menu 11.3 

The following figure shows how to configure the first rule. 



Menu 15.1.1.1 Address Mapping Rule 



Typ^^ ne-to-^ One^ 

Local IP: ^ 

Start =/192 .168.1.10 




Global IP 
Start=(lO L 
End 



Press ENTER to Confirm or ESC to Cancel: 
Press Space Bar to Toggle. 

Figure 6-18 Example 3: Menu 15.1.1.1 
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Menu 15.1.1 - Address Mapping Rules 

Set Name£ Example3 
Idx Local TT-TTT ^ir Tn -ii-n 1 T in l IT 




S±ub il "f nr t TF G lpba] End IP 



10 . 132 .50.1 
10 . 132 .50.2 
255.255.255.255 10.132.50.3 
10.132.50.3 




Actions Edit Select Rule= 

Press ENTER to Confirm or ESC to Cancel: 



Figure 6-19 Example 3: Final Menu 15.1.1 

Now configure the IGA3 to map to our web server and mail server on the LAN. 
Step 8. Enter 15 from the main menu. 

Step 9. Now enter 2 from this menu and configure it as shown in Figure 6-20. 



Menu 15.2 - NAT Server Setup 



Rule Start Port No. 



End Port No . 



IP Address 



2 . 


Default 
80 


Default 
80 


0 . 0 

192 


. 0 . 
. 16 


0 

8.1.21 






25 


192 


. 16 


8J_J* 


4 . 


0 


U 


0 . 


0 


. 0 . 


0 


5 . 


0 


0 


0. 


0 


.0. 


0 


6 . 


0 


0 


0. 


0 


.0. 


0 


7 . 


0 


0 


0. 


0 


.0. 


0 


8 . 


0 


0 


0 . 


0 


. 0 . 


0 


9 . 


0 


0 


0 . 


0 


. 0 . 


0 


10 . 


0 


0 


0. 


0 


.0. 


0 


11 . 


0 


0 


0. 


0 


.0. 


0 


12 . 


1026 


1026 


RR 


Res 


erved 



Press ENTER to Confirm or ESC to Cancel: 



Figure 6-20 Example 3: Menu 15.2 
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6.5.4 Example 4: NAT Unfriendly Application Programs 

Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is 
better to use Many-One-to-One mapping as port numbers do not change for Many-One-to-One (and 
One-to-One) NAT mapping types. The following figure illustrates this. 

Game Player 1 
192.168.1.10 




Game Player 3 
192.168.1.12 



Figure 6-21 NAT Example 4 



Other applications such as some gaming programs are NAT unfriendly because 
they embed addressing information in the data stream. These applications won't 
work through NAT even when using One-to-One and Many-One-to-One mapping 

types. 



Follow the steps outlined in example 3 to configure these two menus as follows. 
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Menu 15.1.1.1 Address Mapping Rule 

Type= Many-One- to-One 

Local IP: 

Start= 192.168.1.10 
End = 192.168.1.12 



Global IP: 

Start= 10.132.50.1 
End = 10.132.50.3 



Press ENTER to Confirm or ESC to Cancel: 



Figure 6-22 Example 4: Menu 15.1.1.1 — Address Mapping Rule 

After you've configured your rule, you should be able to check the settings in menu 15.1.1 as shown next. 


Menu 15.1.1 - Address Mapping Rules 

Set Name- Example4 

Idx Local Start IP Local End IP Global Start IP Global End IP Type 

1. 192.168.1.10 192.168.1.12 10.132.50.1 10.132.50.3 M:l:l 

2 . 

3 . 

4 . 

5 . 

6 . 

7 . 

8 . 

9 . 
10. 

Actions Edit Select Rule= 

Press ENTER to Confirm or ESC to Cancel: 



Figure 6-23 Example 4: Menu 15.1.1 — Address Mapping Rules 

6.6 Trigger Port Forwarding 

The Prestige monitors outgoing data for a specific port number and protocol (trigger). When there is a match, 
the Prestige records the IP address of the computer on the LAN that sent the matching data. When the 
requested data comes back, the Prestige applies the port mapping rules and uses the recorded IP address to 
get the data back to the proper computer. 
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LAN computers dynamically take turns using the mapping based on the trigger port. There is no need to 
reconfigure a new IP address each time you want a different computer (as you would with Port Forwarding) 
to use the application. 

6.6.1 Two Points To Remember About Trigger Ports 

1. Trigger events only happen on data coming from inside the Prestige to the outside. 

2. If an application needs a continuous data stream, that port (range) will be tied up so that another 
computer on the LAN can't trigger it. 



Enter 3 in menu 15 to display Menu 15.3 — Trigger Port Setup, shown next. 

I : L 

Menu 15.3 - Trigger Port Setup 



Incoming Trigger 



Rule Name Start Port End Port Start Port End Port 



1. Real Audio 6970 7170 7070 7070 

2 . 0 0 0 0 

3 . 0 0 0 0 

4 . 0 0 0 0 

5 . 0 0 0 0 

6 . 0 0 0 0 

7 . 0 0 0 0 

8 . 0 0 0 0 

9 . 0 0 0 0 

10. 0 0 0 0 

11. 0 0 0 0 

12. 0 0 0 0 



Press ENTER to Confirm or ESC to Cancel: 



Figure 6-24 Menu 15.3 — Trigger Port Setup 



Table 6-8 Menu 15.3 — Trigger Port Setup Description 



Rule 


This is the rule index number. 


1 


Name 


Enter a unique name for identification purposes. You may enter up to 15 
characters in this field. All characters are permitted - including spaces. 


Real Audio 


Incoming 


Incoming is a port (range) that accepts WAN traffic. It is the "listening " port 
of the client software on LAN computers. 




Start Port 


Enter a port number or the starting port number in a range of port numbers. 


6970 
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FIELD 


DESCRIPTION 


EXAMPLE 


End Port 


Enter a port number or the ending port number in a range of port numbers. 


7170 


Trigger 

Start Port 
End Port 


Trigger is a port (range) your Prestige checks to "remember" a computer IP 
address on the LAN when it sends traffic from the LAN to the WAN. It is the 
"listening" port of the server on the WAN side. 

Enter a port number or the starting port number in a range of port numbers. 
Enter a port number or the ending port number in a range of port numbers. 


7070 
7070 


Press [ENTER] at the message "Press ENTER to Confirm..." to save your configuration, or press [ESC] 
at any time to cancel. 



6.6.2 Trigger Port Forwarding Process 

The following is an example of trigger port forwarding. 




Figure 6-25 Trigger Port Forwarding Process — Example 



1 . Jane requests a file from the Real Audio server. 

2. Port 7070 is a trigger port the Prestige uses to remember Jane's computer IP address. 

3. The Real Audio server responds using a port number ranging between 6970-7170. 

4. The Prestige associates this "incoming" port with the trigger port, remembers Jane's computer IP 
address and then forwards the traffic to her computer. 

5. Only Jane can connect to the Real Audio server until the connection is closed or times out 1 . 



1 The Prestige will time out in three minutes when using UDP (User Datagram Protocol); two hours when 
using TCP/IP (Transfer Control Protocol/Internet Protocol). 
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Part III: 



Advanced Management 



This section provides information on Filter Configuration, SNMP Configuration, System Information 
and Diagnosis, Firmware and Configuration File Maintenance, System Maintenance, Internal 
SPTGEN, Remote Management and Call scheduling. 
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Chapter 7 
Filter Configuration 

This chapter shows you how to create and apply filter(s). 

7.1 About Filtering 

Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are 
two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol 
filters, which are discussed later. 

Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided 
into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering 
can be applied on either the WAN side or the Ethernet side. Call filtering is used to determine if a packet 
should be allowed to trigger a call. Remote node call filtering is only applicable when using PPTP or PPPoE 
encapsulation {refer to the Remote Node Setup chapter). Outgoing packets must undergo data filtering before 
they encounter call filtering as shown in the following figure. 



Call Filtering 



Outgoing 
Packet 



Data 
Filtering 



No 
match 



Built-in 
default 
Call Filters 



Drop 
packet 



Drop packet 
if line not up 



No 
match| 



User-defined 
Call Filters 
(if applicable) 



Drop packet 
if line not up 



No 
! match 



Initiate call 
if line not up 



Send packet 
and reset 
Idle Timer 



Send packet 
but do not reset 
Idle Timer 



Send packet 
but do not reset 
Idle Timer 



Figure 7-1 Outgoing Packet Filtering Process 



For incoming packets, your Prestige applies data filters only. Packets are processed depending upon whether 
a match is found. The following sections describe how to configure filter sets 
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7. 1. 1 The Filter Structure of the Prestige 

A filter set consists of one or more filter rules. Usually, you would group related rules, for example, all the 
rules for NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to 
twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You cannot mix device 
filter rules and protocol filter rules within the same set. You can apply up to four filter sets to a particular port 
to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 
rules active for a single port. 

Three sets of factory default filter rules have been configured in menu 21 to prevent NetBIOS traffic from 
triggering calls and to prevent incoming telnetting and FTP connections from the WAN side. A summary of 
their filter rules is shown in the figures that follow. 

The following figure illustrates the logic flow when executing a filter rule. 
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Fetch First 
Filter Set 



Fetch Next 
Filter Set 



Filter Set 



Fetch First 
Filter Rule 



Yes 



Yes- 



Fetch Next 
Filter Rule 




Execute Filter 
Rule 



Check Next Rule - 



No 



Drop Packet 



-Drop- 



Figure 7-2 Filter Rule Process 



Forward 

I 

(^Accept Packet 



You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set 
having up to six rules, you can have a maximum of 24 rules active for a single port. 
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7.2 Configuring a Filter Set 

To configure a filter set, follow the procedure below. Enter 21 from the main menu to display menu 21. 
Step 1 . Enter 1 to display the following menu. 



Menu 21.1 - Filter Set Configuration 



Filter 
Set # 

1 
2 
3 
4 
5 
6 



Comments 

NetBIOS_WAN 
NetBIOS_LAN 
TEL_FTP_WEB_WAN 

SNMP WAN 



Filter 
Set # 



9 

10 
11 
12 



Enter Filter Set Number to Configure= 0 
Edit Comment s- 

Press ENTER to CONFIRM or ESC to CANCEL : 



Figure 7-3 Menu 21 — Filter Set Configuration 

Step 2. Select the filter set you wish to configure (no. 1-12) and press [ENTER]. 

Step 3. Enter a descriptive name or comment in the Edit Comments field and press [ENTER]. 

Step 4. Press [ENTER] at the message: [Press ENTER to confirm] to open Menu 21.1.1 — Filter Rules 
Summary. 



# A Type 



Menu 21.1 - Filter Rules Summary 
Filter Rules 



1 Y IP 

2 Y IP 

3 Y IP 

4 Y IP 

5 Y IP 

6 Y IP 



Pr=6 , 
Pr=6 , 
Pr=6 , 
Pr=17, 
Pr=17, 
Pr=17, 



.0.0 
.0.0 



SA=0 . 0 
SA=0 . 0 
SA=0 .0.0.0 
SA=0 .0.0.0 
SA=0 .0.0.0 
SA=0 .0.0.0 



DA=0 . 0 . 
DA=0 . 0 . 
DA=0 . 0 . 
DA=0 . 0 . 



0.0, 
0.0, 
0.0, 
0.0, 



DA=0. 0.0.0, 



DP=137 
DP=138 
DP=139 
DP=137 
DP=138 



DA=0. 0.0.0, DP=139 



Enter Filter Rule Number (1-6) to Configure: 



N D N 

N D N 

N D N 

N D N 

N D N 

N D F 



Figure 7-4 NetBIOS WAN Filter Rules Summary 



7-4 



Filter Configuration 



Prestige 310 Broadband Sharing Gateway 



Menu 21.2 - Filter Rules Summary 
# A Type Filter Rules 



1 Y IP 

2 Y 

3 Y 

4 Y 

5 Y 

6 Y 



Pr=17, SA=0. 0.0.0, SP=137, DA=0. 0.0.0, DP=53 



Enter Filter Rule Number (1-6) to Configure: 



Figure 7-5 NetBIOS _LAN Filter Rules Summary 



# A Type 


Menu 21.3 - Filter Rules 
Filter Rules 


Summary 


M 


m 


n 


1 Y IP Pr=6, 


SA=0. 0.0.0, DA=0. 0.0.0, DP=23 




N 


D 


N 


2 Y IP Pr=6, 


SA=0. 0.0.0, DA=0. 0.0.0, DP=21 




N 


D 


N 


3 Y IP Pr=6, 


SA=0. 0.0.0, DA=0. 0.0.0, DP=80 




N 


D 


F 


4 N 












5 N 












6 N 














Enter Filter Rule Number (1- 


6) to Configure: 









Figure 7-6 TEL FTP WEB WAN Filter Rules Summary 



# A Type 



Menu 21.5 - Filter Rules Summary 
Filter Rules 



1 Y IP Pr=17, SA=0. 0.0.0, DA=0. 0.0.0, DP=161 

2 N 

3 N 

4 N 

5 N 

6 N 



M m n 
N D F 



Enter Filter Rule Number (1-6) to Configure: 




Figure 7-7 SNMP_WAN Filter Rules Summary 



7.2.1 Filter Rules Summary Menu 

This screen shows the summary of the existing rules in the filter set. The following tables contain a brief 
description of the abbreviations used in the previous menus. 
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Table 7-1 Abbreviations Used in the Filter Rules Summary Menu 



FIELD 


DESCRIPTION 


# 


The filter rule number: 1 to 6. 


A 


Active: "Y" means the rule is active. "N" means the rule is inactive. 


Type 


The type of filter rule: "GEN" for Generic, "IP" for TCP/IP. 


Filter Rules 


These parameters are displayed here. 


M 


More. 

"Y" means there are more rules to check which form a rule chain with the present rule. 
An action cannot be taken until the rule chain is complete. 

"N" means there are no more rules to check. You can specify an action to be taken 
i.e., forward the packet, drop the packet or check the next rule. For the latter, the next 
rule is independent of the rule just checked. 


m 


Action Matched. 

"F" means to forward the packet immediately and skip checking the remaining rules. 
"D" means to drop the packet. 
"N" means to check the next rule. 


n 


Action Not Matched. 

"F" means to forward the packet immediately and skip checking the remaining rules. 
"D" means to drop the packet. 
"N" means to check the next rule. 



The protocol dependent filter rules abbreviation are listed as follows: 

Table 7-2 Rule Abbreviations Used 



ABBREVIATION 


DESCRIPTION 


IP 




Pr 


Protocol 


SA 


Source Address 


SP 


Source Port number 


DA 


Destination Address 


DP 


Destination Port number 


GEN 




Off 


Offset 


Len 


Length 



Refer to the next section for information on configuring the filter rules. 
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7.2.2 Configuring a Filter Rule 

To configure a filter rule, type its number in Menu 21.1 — Filter Rules Summary and press [ENTER] to 
open menu 21.1.1 for the rule. 

To speed up filtering, all rules in a filter set must be of the same class, i.e., protocol filters or generic filters. 
The class of a filter set is determined by the first rule that you create. When applying the filter sets to a port, 
separate menu fields are provided for protocol and device filter sets. If you include a protocol filter set in a 
device filter field or vice versa, the Prestige will warn you and will not allow you to save. 

7.2.3 TCP/IP Filter Rule 

This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the 
fields in the IP and the upper layer protocol, for example, UDP and TCP headers. 

To configure TCP/IP rules, select press [ENTER] to open Menu 21.1.1 — TCP/IP Filter Rule, as shown 
next. 





Menu 21 


1.1 - TCP/IP Filter Rule 




Filter #: 1,1 






Filter Type= 


TCP/IP Filter Rule 




Active^ Yes 






IP Protocols 


6 IP Source Route- No 




Destination : 


IP Addr= 0.0.0.0 






IP Mask= 0.0.0.0 






Port #= 137 






Port # Comp- Equal 




Source : 


IP Addr= 0.0.0.0 






IP Mask= 0.0.0.0 






Port #= 






Port # Comp= None 




TCP Estab= Nc 






More = No 


Log- None 




Action Matched- Drop 




Action Not Matched- Check Next Rule 




Press ENTER 


to Confirm or ESC to Cancel: 


Pres. 


3 Space Bar to Toggle. 





Figure 7-8 Menu 21.1.1 — TCP/IP Filter Rule 

The following table describes how to configure your TCP/IP filter rule. 



Table 7-3 TCP/IP Filter Rule Menu Fields 



FIELD 


DESCRIPTION 


EXAMPLE 


Active 


Yes activates and No deactivates the filter rule. 


Yes 


IP Protocol 


Protocol refers to the upper layer protocol, for example, 


0-255 
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FIELD 


DESCRIPTION 


EXAMPLE 




TCP is 6, UDP is 1 7 and ICMP is 1 . This value must be 
between 0 and 255 




IP Source Route 


If Yes, the rule applies to packet with IP source route 
option; else the packet must not have source route option. 
The majority of IP packets do not have source route. 


No 


Destination 

IP Address 


Enter the destination IP Address of the packet you wish to 
filter. This field reads don't-care if it is 0.0.0.0. 


IP address 


IP Mask 


Enter the IP mask that will be used to mask the bits of the 
IP address given in the Destination IP Address field. 


IP mask 


Port# 


Enter the destination port of the packets that you wish to 
filter. The range of this field is 0 to 65535. This field reads 
don't-care if it is 0. 


0-65535 


Port # Comp 


Select the comparison to apply to the destination port in 
the packet against the value given in Destination Port # 
field. Options are: None, Less, Greater, Equal or Not 
Equal. 


Equal 


Source 

IP Address 


Enter the source IP Address of the packet you wish to 
filter. This field reads don't-care if it is 0.0.0.0. 


IP Address 


IP Mask 


Enter the IP mask that will be used to mask the bits of the 
IP address given in the Source IP Address field. 


in it j--i, 

IP Mask 


Port# 


Enter the source port of the packets that you wish to filter. 
The range of this field is 0 to 65535. This field reads 
don't-care if it is 0. 


0-65535 


Port # Comp 


Select the comparison to apply to the source port in the 
packet against the value given in Source Port # field. 
Options are: None, Less, Greater, Equal or Not Equal. 


None 


TCP Estab 


This field is applicable only when IP Protocol field is 6, 
TCP. If Yes, the rule matches only established TCP 
connections; else the rule matches all TCP packets. 


No 


More 


If Yes, a matching packet is passed to the next filter rule 
before an action is taken; else the packet is disposed of 
according to the action fields. 

If the More field is Yes, then Action Matched and Action 


No 
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FIELD 


DESCRIPTION 


EXAMPLE 




Not Matched will be No. 




Log 


Select the logging option from the following: 

None - No packets will be logged. 

Action Matched - Only packets that match the rule 
parameters will be logged. 

Action Not Matched - Only packets that do not match the 
rule parameters will be logged. 

Both - All packets will be logged. 


None 


Action Matched 


Select the action for a matching packet. Options are 
Check Next Rule, Forward or Drop. 


Drop 


Action Not Matched 


Select the action for a packet not matching the rule. 
Options are Check Next Rule, Forward or Drop. 


Check Next Rule 


Once you have completed filling in Menu 21.1.1.1 — TCP/IP Filter Rule, press [ENTER] at the message 
"Press Enter to Confirm to save your configuration, or press [ESC] to cancel". This data will now be 
displayed on Menu 21.1.1 — Filter Rules Summary. 



The following figure illustrates the logic flow of an IP filter. 
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Yes 



Apply SrcAddrMask 
to Src Addr 



Check Src 
IP Addr 

Matched 

I 

Apply DestAddrMask 

to DestAddr 




Figure 7-9 Executing an IP Filter 
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7.2.4 Generic Filter Rule 

This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to 
filter non-IP packets. For IP, it is generally easier to use the IP rules directly. 

For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You specify 
the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The Prestige 
applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to 
determine a match. The Mask and Value are specified in hexadecimal numbers. Note that it takes two 
hexadecimal digits to represent a byte, so if the length is 4, the value in either field will take 8 digits, for 
example, FFFFFFFF. 

To configure a generic rule, select Generic Filter Rule in the Filter Type field in the menu 21.6.1 and 
press [ENTER] to open Menu 21.6.1 — Generic Filter Rule, as shown next. 



Menu 21.6.1 - Generic Filter Rule 
Filter #: 6,1 

Filter Type- Generic Filter Rule 

Active- No 

Offset= 0 

Lengths 0 

Mask= N/A 

Value= N/A 

More- No Log- None 

Action Matched- Check Next Rule 
Action Not Matched- Check Next Rule 



Press ENTER to Confirm or ESC to Cancel: 
Press Space Bar to Toggle. 



Figure 7-10 Menu 21.6.1 — Generic Filter Rule 

The following table describes the fields in the Generic Filter Rule Menu. 



Table 7-4 Generic Filter Rule Menu Fields 



Field 


Description 


Example 


Filter* 


This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the 
second filter set and the third rule of that set. 




Filter Type 


Use the [SPACE BAR] to select a rule. Parameters displayed 
below each type will be different. Options are: Generic Filter 
Rule or TCP/IP Filter Rule. 


Generic Filter Rule 
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Field 


Description 


Example 


Active 


Select Yes to turn on the filter rule. 


No 


Offset 


Enter the starting byte of the data portion in the packet that you 
wish to compare. The range for this field is from 0 to 255. 


0 

(default) 


Length 


Enter the byte count of the data portion in the packet that you 
wish to compare. The range for this field is 0 to 8. 


0 

(default) 


Mask 


Enter the mask (in Hexadecimal) to apply to the data portion 
before comparison. 




Value 


Enter the value (in Hexadecimal) to compare with the data 
portion. 




More 


If Yes, a matching packet is passed to the next filter rule before 
an action is taken; else the packet is disposed of according to the 
action fields. 

If the More field is Yes, then Action Matched and Action Not 
Matched will be No. 


No 


Log 


Select the logging option from the following: 
None - No packets will be logged. 

Action Matched - Only packets that match the rule parameters 
will be logged. 

Action Not Matched - Only packets that do not match the rule 
parameters will be logged. 

Both - All packets will be logged. 


None 


Action 
Matched 


Select the action for a matching packet. Options are: Check Next 
Rule, Forward or Drop. 


Check Next Rule 


Action Not 
Matched 


Select the action for a packet not matching the rule. Options are: 
Check Next Rule, Forward or Drop. 


Check Next Rule 


Once you have completed filling in this menu, press [ENTER] at the message "[Press Enter to Confirm] to 
save your configuration, or press [ESC] to cancel". This data will now be displayed on Menu 21.6 — Filter 
Rules Summary. 
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Your 




Incoming FTP or Telnet 

Traffic Filter 

Figure 7-11 Filter Example 

7.3 Example Filter 

Let's look at an example to block outside users from telnetting into the Prestige. See the included CD for 
more example filters. 

Step 1 . Enter 21 from the main menu to open Menu 21 — Filter Set Configuration. 
Step 2. Enter 1 to open Menu 21.1 — Filter Rules Summary. 

Step 3. Enter the index of the filter set you wish to configure (say "6") and press [ENTER]. 

Step 4. Enter a descriptive name or comment in the Edit Comments field (for example, TELNET WAN) 
and press [ENTER]. 

Step 5. Press [ENTER] at the message "[Press ENTER to confirm] to open Menu 21.6 - TCP/IP Filter 
Rule. 



Filter Configuration 



7-13 



Prestige 310 Broadband Sharing Gateway 



Menu 21.6.1 - TCP/IP Filter Rule 
Filter # : 6,1 

Filter Type = TCP/IP Filter Rule 
Active- Yes 
IP Protocol' 
Destination 

IP Mask 



TCP Estab= 
More 

Actio^ Matched- Drop 
Actiafa Not Matched^ Checjk N< 



Ptfess ENTER to 
Press Space Bar to/Toggle. 



There are no 
more rules to 
check. 




Select Drop here so that 
the packet will be 
dropped if its destination 




Press [SPACE BAR] to choose 
this filter rule type. The first 
filter rule type determines all 
subsequent filter types within a 
set. 




Select Equal 
here as we are 
looking for 
packets going to 
port 21 only. 



The port number for FTP is 21. 
See RFC 1060 for port numbers 
of well-known services. 



Select Check Next Rule here 
so that the next rule in this set 
will be checked. 



Figure 7-12 Example Filter — Menu 21.6.1 

Step 6. Press [ENTER] to confirm and display the next screen. Note that there is only one filter rule in 
this set. 
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Menu 21.1 - Filter Rules Summary 
Filter Rules 
(A=0 .0.0.0, DA=0 .0.0.0, /dP=21 



Enter Filter Rule/ Number ( 1 - 6 ) to Configure : 2 





This shows you that you have 
configured and activated (A = 
Y) a TCP/IP filter rule (Type = 
IP, Pr = 6) for destination FTP 
ports (DP = 21). 



M = N means an action can be taken 
immediately. The action is to drop the 
packet (m = D) if the action is matched and 
to forward the packet immediately (n = N) if 
the action is not matched and there are more 
rules to be checked (there is one more in this 
example). 



Step 7. 



Figure 7-13 Example Filter Rules Summary — Menu 21.3 

Enter 2 in the above menu to configure the second rule. Configure this filter rule with port number 
as 23 (Telnet) as shown in the next screen (after you press [ENTER] to confirm. 
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Menu 21.1 - Filter Rules Summary 




# £ 


Type Filter Rules 


M m n 


1 Y 


IP Pr=6, SA=0. 0.0.0, DA=0. 0.0.0, DP=21 


N D N 


2 Y 


IP Pr-6, SA-0. 0.0.0, DA-0. 0.0.0, DP-23 


N D F 


3 N 






4 N 






5 N 






6 N 








Enter Filter Rule Number (1-6) to Configure: 




Figure 7-14 Example Filter Rules Summary 



After you've created the filter set, you must apply it. 

Step 1 . Enter 1 1 from the main menu to display menu 1 1 . 

Step 2. Go to the Edit Filter Sets field, press the [SPACE BAR] to select No and press [ENTER]. 

Step 3. This brings you to menu 1 1.5. Apply the TELNET FTP WAN filter set (filter set 7) as shown in 
Figure 7-17. 

7.4 Filter Types and NAT 

There are two classes of filter rules, Generic Filter (Device) rules and Protocol Filter (TCP/IP) rules. 
Generic Filter rules act on the raw data from/to LAN and WAN. 
Protocol Filter rules act on the IP packets. 

Generic and TCP/IP filter rules are discussed in more detail in the next section. When NAT (Network 
Address Translation) is enabled, the inside IP address and port number are replaced on a connection-by- 
connection basis, which makes it impossible to know the exact address and port on the wire. Therefore, the 
Prestige applies the protocol filters to the "native" IP address and port number before NAT for outgoing 
packets and after NAT for incoming packets. On the other hand, the generic, or device filters are applied to 
the raw packets that appear on the wire. They are applied at the point when the Prestige is receiving and 
sending the packets; i.e. the interface. The interface can be an Ethernet port or any other hardware port. The 
following figure illustrates this. 
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Figure 7-15 Protocol and Device Filter Sets 



7.5 Applying a Filter and Factory Defaults 

This section shows you where to apply the filter(s) after you design it (them). Sets of factory default filter 
rules have been configured in menu 21 to prevent NetBIOS traffic from triggering calls and block incoming 
telnet, FTP and HTTP connections. 



7.5.1 LAN Traffic 

You seldom need to filter LAN traffic; however, the filter sets may be useful to block certain packets, reduce 
traffic and prevent security breaches. Go to menu 3.1 (shown below) and enter the number(s) of the filter 
set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by entering 
their numbers separated by commas, for example, 3, 4, 6, 1 1. Input filter sets filter incoming traffic to the 
Prestige and Output filter sets filter outgoing traffic from the Prestige. A factory default set, NetBIOS LAN, 
is inserted in protocol filters field under Input Filter Sets in menu 3. 1 to block NetBIOS traffic to the 
Prestige from the LAN. 



Menu 3.1 - LAN Port Filter Setup 

Input Filter Sets: 
protocol filters= 
device filters^ 
Output Filter Sets: 
Protocol filters= 
device filters^ 

Press ENTER to Confirm or ESC to Cancel: 



Apply 
factory 
default 
filters 



Figure 7-16 Filtering LAN Traffic 
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7.5.2 Remote Node Filters 

Go to menu 1 1.5 (shown next - note that call filter sets are only present for PPPoE encapsulation) and enter 
the number(s) of the filter set(s) as appropriate. You can cascade up to four filter sets by entering their 
numbers separated by commas. The factory default filter set, NetBIOSWAN, can be applied in menu 1 1.5 
to block local NetBIOS traffic from triggering calls to the ISP (when you are using PPPoE or PPTP 
encapsulation only). Enter 1 in protocol filters under Output Filter Sets when using Ethernet encapsulation, 
and in the protocol filters field under Call Filter Sets when using PPPoE or PPTP encapsulation. Apply 
them as shown in the following figure. 




Figure 7-17 Filtering Remote Node Traffic 
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Chapter 8 
SNMP Configuration 

This chapter explains SNMP configuration menu 22. 
SNMP is only available if TCP/IP is configured. 



8.1 About SNMP 

Simple Network Management Protocol is a protocol used for exchanging management information between 
network devices. SNMP is a member of TCP/IP protocol suite. Your Prestige supports SNMP agent 
functionality, which allows a manager station to manage and monitor the Prestige through the network. The 
Prestige supports SNMP version one (SNMPvl). The next figure illustrates an SNMP management 
operation. SNMP is only available if TCP/IP is configured. 



MANAGER 
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An SNMP managed network consists of two main components: agents and a manager. 

An agent is a management software module that resides in a managed device (the Prestige). An agent 
translates the local management information from the managed device into a form compatible with SNMP. 
The manager is the console through which network administrators perform network management functions. 
It executes applications that control and monitor managed devices. 

The managed devices contain object variables/managed objects that define each piece of information to be 
collected about a device. Examples of variables include such as number of packets received, node port status 
etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager 
and agents to communicate for the purpose of accessing these objects. 

SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a 
request and the agent returns responses using the following protocol operations: 

• Get - Allows the manager to retrieve an object variable from the agent. 

• GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In 
SNMPvl, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get 
operation, followed by a series of GetNext operations. 

• Set - Allows the manager to set values for object variables within an agent. 

• Trap - Used by the agent to inform the manager of some events. 

8.2 Supported MIBs 

The Prestige supports MIB II (defined in RFC-1213 and RFC-1215). MIBs let administrators collect statistics 
and monitor status and performance. 

8.3 SNMP Configuration 

To configure SNMP, enter 22 from the main menu to display Menu 22 — SNMP Configuration as shown 
next. The "community" for Get, Set and Trap fields is SNMP terminology for password. 
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Menu 22 - SNMP Configuration 

SNMP: 

Get Community^ public 
Set Community^ public 
Trusted Host = 0.0.0.0 
Trap: 

Community- public 
Destination^ 0.0.0.0 



Press ENTER to Confirm or ESC to Cancel: 



Figure 8-2 Menu 22 — SNMP Configuration 

The following table describes the SNMP configuration parameters. 



Table 8-1 SNMP Configuration Menu Fields 



Get Community 


Type the Get Community, which is the password for the incoming 
Get- and GetNext requests from the management station. 


Public 


Set Community 


Type the Set community, which is the password for incoming Set 
requests from the management station. 


Public 


Trusted Host 


If you enter a trusted host, your Prestige will only respond to SNMP 
messages from this address. A blank (default) field means your 
Prestige will respond to all SNMP messages it receives, regardless 
of source. 


Blank 


Trap: Community 


Type the trap community, which is the password sent with each 
trap to the SNMP manager. 


Public 


Trap: Destination 


Type the IP address of the station to send your SNMP traps to. 


Blank 


When you have completed this menu, press [ENTER] at the prompt "Press [ENTER] to confirm or [ESC] to 
cancel" to save your configuration or press [ESC] to cancel and go back to the previous screen. 



8.4 SNMP Traps 

The Prestige will send traps to the SNMP manager when any one of the following events occurs: 
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Table 8-2 SNMP Traps 



TRAP # 


TRAP NAME 


DESCRIPTION 


0 


coldStart (defined in RFC-1215) 


A trap is sent after booting (power on). 


1 


warmStart (defined in RFC-1215) 


A trap is sent after booting (software reboot). 


4 


authenticationFailure (defined in 
RFC-1215) 


A trap is sent to the manager when receiving any SNMP 
get or set requirements with wrong community (password). 


6 


whyReboot (defined in ZYXEL- 

h ill D\ 

Mlts) 


A trap is sent with the reason of restart before rebooting 
when the system is going to restart (warmstart). 


6a 


For intentional reboot : 


A trap is sent with the message "System reboot by user!" if 
reboot is done intentionally, (for example download new 
files, CI command "sys reboot", etc.). 


6b 


For fatal error : 


A trap is sent with the message of the fatal code if the 
system reboots because of fatal errors. 
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Chapter 9 

System Information and Diagnosis 

This chapter covers SMT menus 24. 1 to 24 . 4. 

This chapter covers the diagnostic tools that help you to maintain your Prestige. These tools include updates 
on system status, port status, log and trace capabilities and upgrades for the system software. 

Select menu 24 in the main menu to open Menu 24 — System Maintenance, as shown next. 



Menu 24 


- System Maintenance 


1 . 


System Status 


2 . 


System Information and Console Port Speed 


3 . 


Log and Trace 


4 . 


Diagnostic 


5 . 


Backup Configuration 


6 . 


Restore Configuration 


7 . 


Up 1 oad F i rmwar e 


8 . 


Command Interpreter Mode 


9 . 


Call Control 


10 . 


Time and Date Setting 


11 . 


Remote Management Setup 


Enter Menu Selection Number: 



Figure 9-1 Menu 24 — System Maintenance 



9.1 System Status 

The first selection, System Status, gives you information on the version of your system firmware and the 
status and statistics of the ports, as shown in the next figure. System Status is a tool that can be used to 
monitor your Prestige. Specifically, it gives you information on your system firmware version, number of 
packets sent and number of packets received. 

9.1 .1 To get to the System Status: 

• Enter 24 to display Menu 24 — System Maintenance. 

• In this menu, enter number 1 to open Menu 24.1 — System Maintenance — Status. 
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• There are three commands in Menu 24.1 — System Maintenance — Status. Entering 1 drops the 

WAN (PPTP/PPPoE) connection, 9 resets the counters and [ESC] takes you back to the previous screen. 

The table shown next describes the fields present in Menu 24.1 — System Maintenance — Status. Note 
that these fields are read-only and are for diagnostic purposes. 



Port Status 
WAN Down 
LAN Down 



Menu 24.1 



TxPkts 
1 

0 



System Maintenance - Status 



RxPkts 
0 
0 



Cols 
0 
0 



Tx B/s 

0 
0 



Thus . Jan . 
Rx B/s 

0 

0 



1:39:06 
1. 1970 
Dp Time 
0:00:00 
0:00:00 



: Ethernet Address IP Address IP Mask DHCP 

WAN 00 :a0 : c5 :21 : 8c :a3 0.0.0.0 0.0.0.0 Client 

LAN 00 :a0 : c5 :21 : 8c :a2 192.168.1.1 255.255.255.0 Server 



System up Time: 1:08:22 

Name: P310.www.zyxel.com 
Routing: IP 

ZyNOS F/W Version: V.251 : 2/17/2000 

Press Command: 
COMMANDS: 1-Drop WAN 9-Reset Counters ESC-Exit 

Figure 9-2 Menu 24.1 — System Maintenance — Status 

The following table describes the fields present in Menu 24.1 — System Maintenance — Status. 

Table 9-1 System Maintenance — Status Menu Fields 



FIELD 


DESCRIPTION 


Port 


The WAN or LAN port. 


Status 


Shows the port speed and duplex setting if you're using Ethernet 
Encapsulation and Down (line is down), idle (line (ppp) idle), dial 
(starting to trigger a call) and drop (dropping a call) if you're using 
PPPoE Encapsulation. 


TxPkts 


The number of transmitted packets on this port. 


RxPkts 


The number of received packets on this port. 


Cols 


The number of collisions on this port. 


TxB/s 


Shows the transmission speed in Bytes per second on this port. 


Rx B/s 


Shows the reception speed in Bytes per second on this port. 
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FIELD 


DESCRIPTION 


1 In Timp 

u yj \ ii i ic 


Total amoi int of timp the line has heen i in 

1 \J LCI 1 CI 1 1 IUU 1 1 1 Ul LI 1 1 Iv? LI II 1 IC 1 1 CIO UCCII LI VJ . 


LAN 




Ethernet Address 


The LAN port Ethernet address. 


IP Address 

1 1 / VUUI t/OO 


Thp 1 am nort IP address 

1 1 1 1 / VI N UWI L 1 1 OU V-l 1 O O . 


IP Mask 


The 1 AN nnrt IP mask 

1 1 1 1 / VI N UUI L 1 1 II 1 CIO 1 \ . 


DHCP 


The 1 AN nort DHCP role 

IMC 1 1 \ IN UUI 1 1 ' 1 1 KJ 1 1 Ulu, 


WAN 




Fthemet Address 

1 L 1 1 O 1 1 1 \ j L / WA \A 1 O O 


The WAN nnrt Fthernet address 

1 1 1 \j V V / VI N UUI L 1— — LI lul 1 1 \j L QUU 1 \s O O . 


IP Address 


The WAN nort IP address 

1 1 1 \j V V / VI N UUI L 1 1 QUU 1 \s O O . 


IP Mask 


The WAN port IP mask. 


DHCP 


The WAN port DHCP role. 


System up Time 


The total time the Prestige has been on. 


Name 


This is the Prestige's system name + domain name assigned in menu 
1, for example, System Name= xxx; Domain Name= 
baboo.mickey.com. 

Name= xxx.baboo.mickey.com 


ZyNOS F/W Version 


The ZyNOS Firmware version and the date created. 


You may enter 1 to drop the PPPoE/PPTP connection, 9 to reset the counters or [ESC] to 
return to menu 24. 



9.2 System Information and Console Port Speed 

This section describes your system and allows you to choose different console port speeds. To get to the 
System Information and Console Port Speed: 

Step 5. Enter 24 to go to Menu 24 — System Maintenance. 

Step 6. Enter 2 to open Menu 24.2 — System Information and Console Port Speed. 

Step 7. From this menu you have two choices as shown in the next figure: 
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Menu 24.2 - System Information and Console Port Speed 

1 . System Information 

2 . Console Port Speed 

Please enter selection: 



Figure 9-3 Menu 24.2 — System Information and Console Port Speed 
9.2.1 System Information 

System Information gives you information about your system as shown below. More specifically, it gives 
you information on your routing protocol, country code, Ethernet address, IP address, etc. 



Menu 24.2.1 - System Maintenance - Information 
Name: P310.www.zyxel.com 
Routing: IP 

ZyNOS F/W Version: V2.51 | 2/17/2000 



LAN 

Ethernet Address: 00 : aO : c5 : 21 : 8c : a2 
IP Address: 192.168.1.10 
IP Mask: 255.255.255.0 
DHCP: Server 



Press ESC or RETURN to Exit 



Figure 9-4 Menu 24.2.1 System Maintenance — Information 



Table 9-2 Fields in System Maintenance 



FIELD 


DESCRIPTION 


Name 


This is the Prestige's system name + domain name assigned in menu 
1, for example, System Name= Prestiqe; Domain Name= zvxel.com 

Name= P310.zvxel.com 


Routing 


Refers to the routing protocol used. 


ZyNOS F/W Version 


Refers to the version of ZyXEL's Network Operating System software. 
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FIELD 


DESCRIPTION 


Ethernet Address 




Refers to the Ethernet MAC (Media Access Control) address of your 
Prestige. 


IP Address 


This is the IP address of the Prestige in dotted decimal notation. 


IP Mask 


This shows the subnet mask of the Prestige. 


DHCP 


This field shows the DHCP setting of the Prestige. 



9.2.2 Console Port Speed 

You can change the speed of the console port through Menu 24.2.2 — Console Port Speed. Your Prestige 
supports 9600 (default), 19200, 38400, 57600, and 1 15200 bps for the console port. Use the [SPACE BAR] 
to select the desired speed in menu 24.2.2, as shown next. 

Menu 24.2.2 - System Maintenance - Change Console Port Speed 
Console Port Speed: 115200 



Press ENTER to Confirm or ESC to Cancel: 

Figure 9-5 Menu 24.2.2 — System Maintenance — Change Console Port Speed 

9.3 Log and Trace 

There are three logging facilities in the Prestige. The first is the error logs and trace records that are stored 
locally. The second is the UNIX syslog facility for message logging. 

9.3.1 Viewing Error Log 

The first place you should look for clues when something goes wrong is the error/trace log. Follow the 
procedure below to view the local error/trace log: 

Step 1 . Enter 24 from the main menu to open Menu 24 — System Maintenance. 

Step 2. From menu 24, enter 3 display Menu 24.3 — System Maintenance — Log and Trace. 

Step 3. Enter from Menu 24.3 — System Maintenance — Log and Trace to display the error log in the 
system. 

After the Prestige finishes displaying, you will have the option to clear the error log. 



System Information and Diagnosis 



9-5 



Prestige 310 Broadband Sharing Gateway 



Menu 24.3 - System Maintenance - Log and Trace 



1 . View Error Log 

2 . UNIX Syslog 

4. Call-Triggering Packet 

Please enter selection 



Figure 9-6 Examples of Error and Information Messages 

Examples of typical error and information messages are presented in the figure below. 



59 Thu Jan 1 00:00:03 1970 P 

60 Thu Jan 1 00:05:11 197 

61 Thu Jan 1 00:17:59 197)0 

62 Thu Jan 1 00:24:40 197 
i ^3 Thil T-in 1 00^5:32 1970' 

• — Clear Error Log ( y/n 




(I INFO SMT Session Begins 
PINI INFO SMT Session End 

SMT Session Begin 
SMT Session End 
SMT Session Begi 



Figure 9-7 Examples of Error and Information Messages 



9.3.2 UNIX Syslog 

The Prestige uses the UNIX syslog facility to log the CDR (Call Detail Record) and system messages to a 
syslog server. Enter 2 in menu 24.3 to display and configure Menu 24.3.2 — System Maintenance — 
Syslog and Accounting, as shown next. 
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Menu 24.3.2 -- System Maintenance 


1 

- UNIX Syslog 


UNIX Syslog: 




Active= No 




Syslog IP Address- ? 




Log Facility- Local 1 




Types : 




CDR- No 




Packet triggered- No 




Filter log= No 




PPP log- No 




Press ENTER to Confirm or ESC 


to Cancel : 


Press Space Bar to Toggle. 





Figure 9-8 Menu 24.3.2 — System Maintenance — UNIX Syslog 



You need to configure the UNIX syslog parameters described in the following table to activate syslog then 
choose what you want to log. 



Table 9-3 System Maintenance Menu Syslog Parameters 



PARAMETER 






UNIX Syslog: 




Active 


Press the [SPACE BAR] to turn on or off syslog. 


Syslog IP Address 


Enter the IP Address of the server that will log the CDR (Call Detail Record) and 
system messages i.e., the syslog server. 


Log Facility 


Press the [SPACE BAR] to toggle between the 7 different Local options. The log 
facility allows you to log the message to different files in the server. Please refer to 
your UNIX manual for more detail. 


Types: 




CDR 


Call Detail Record (CDR) logs all data phone line activity if set to Yes. 


Packet triggered 


The first 48 bytes or octets and protocol type of the triggering packet is sent to the 
UNIX syslog server when this field is set to Yes. 


Filter log 


No filters are logged when this field is set to No. Filters with the individual filter Log 
Filter field set to Yes (menu 21 .x.x).) are logged when this field is set to Yes. 


PPP log 


PPP events are logged when this field is set to Yes. 


When finished viewing, press [ESC] or [ENTER] to exit. 



Your Prestige sends five types of syslog messages. Some examples (not P310 specific) of these syslog 
messages with their message formats are shown next: 
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1. CDR 

CDR Message Format 



SdcmdSyslogSend( SYSLOG_CDR, SYSLOGJNFO, String ); 
String = board xx line xx channel xx, call xx, str 
board = the hardware board ID 
line = the WAN ID in a board 
Channel = channel ID within the WAN 

call = the call reference number which starts from 1 and increments by 1 for each new call 
str = C01 Outgoing Call dev xx ch xx (dev:device No. chxhannel No.) 
L02 Tunnel Connected(L2TP) 

C02 OutCall Connected xxxx (means connected speed) xxxxx (means Remote Call Number) 
L02 Call Terminated 
C02 Call Terminated 

Jul 19 11:19:27 192.168.102.2 ZyXEL: board 0 line 0 channel 0, call 1, C01 Outgoing Call dev=2 ch=0 40002 

Jul 19 1 1:19:32 192.168.102.2 ZyXEL: board 0 line 0 channel 0, call 1, C02 OutCall Connected 64000 40002 
Jul 19 11:20:06 192.168.102.2 ZyXEL: board 0 line 0 channel 0, call 1, C02 Call Terminated 



2. Packet triggered 



Packe 



sdcmdSyslogSend( SYSLOGPKTTRI , SYSLOG_NOTICE, String ); 

String = Packet trigger: Protocol=xx Data=xxxxxxxxxx x 

Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG) 

Data: We will send forty-eight Hex characters to the server 
Jul 19 11:28:39 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1, 

Data=4500003c1 001 00001f01 0004c0a8661 4ca849a7b08004a5c020001 0061 62636465666768696a6b6c6d6e6f70 
71727374 

Jul 19 11:28:56 192.168.102.2 ZyXEL: Packet Trigger: Protocols, 

Data=4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000600220008cd40000020405b4 

Jul 19 11:29:06 192.168.102.2 ZyXEL: Packet Trigger: Protocols, 

Data=45000028240140001 f06ac1 2c0a8661 4ca849a7b0427001 7001 95b451 d14301 35004000077600000 



3. Filter log 



Filter log Message Format 



SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String ); 
String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD 

IP[...] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D). 
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Src: Source Address 

Dst: Destination Address 

prot: Protocol ("TCP","UDP","ICMP") 

spo: Source port 

dpo: Destination port 

Mar 03 10:39:43 202.132.155.97 ZyXEL: 

GEN[fffffffffffnordff0080] }S05>R01mF 

Mar 03 10:41:29 202.132.155.97 ZyXEL: 

GEN[00a0c5f502fnord010080] }S05>R01mF 

Mar 03 10:41:34 202.132.155.97 ZyXEL: 

IP[Src=192. 168.2. 33 Dst=202. 132. 155.93 ICMP]}S04>R01mF 

Mar 03 11:59:20 202.132.155.97 ZyXEL: 

GEN[00a0c5f502fnord010080] }S05>R01mF 

Mar 03 12:00:31 202.132.155.97 ZyXEL: 

GEN[fffffffffffnordff0080] }S05>R01mF 

Mar 03 12:00:52 202.132.155.97 ZyXEL: 

GEN[ffffffffffff0080] }S05>R01mF 
Mar 03 12:00:57 202.132.155.97 ZyXEL: 
GEN[00a0c5f502010080] }S05>R01mF 

Mar 03 12:01:01 202.132.155.97 ZyXEL: 

IP[Src=1 92.1 68.2.33 Dst=202. 1 32. 1 55.93 TCP spo=01 1 70 dpo=00021]}S04>R01 mF 
Mar 03 12:01:06 202.132.155.97 ZyXEL: 

IP[Src=1 92. 1 68.2.33 Dst=202. 1 32. 1 55.93 TCP spo=01 1 70 dpo=00021]}S04>R01 mF 



4. PPP log 



PPP Log Message Format 




sdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String ); 




String = ppp:Proto Starting / ppp:Proto Opening / ppp:Proto Closing / ppp:Proto Shutdown 




Proto = LCP / ATCP / BACP / BCP / CBCP / CCP / CHAP/ PAP / IPCP / 




IPXCP 




Jul 19 11:42:44 192.168.102.2 ZyXEL: ppp:LCP Closing 




Jul 19 11:42:49 192.168.102.2 ZyXEL: ppp:IPCP Closing 




Jul 19 11:42:54 192.168.102.2 ZyXEL: ppp:CCP Closing 
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9.3.3 Call-Triggering Packet 

Call-Triggering Packet displays information about the packet that triggered a dial-out call in an easy readable 
format. Equivalent information is available in menu 24.1 in hex format. An example is shown next. 



IP Frame: ENETO -RECV Size: 
Frame Type : 



44/ 44 



Time: 17:02:44.262 



IP Header: 
IP Version 
Header Length 
Type of Service 
Total Length 
Identification 
Flags 

Fragment Offset 
Time to Live 
Protocol 
Header Checksum 
Source IP 
Destination IP 



4 

20 

0x00 (0) 
0X002C (44) 
= 0x0002 (2) 
0x00 
0x00 

OxFE (254) 
0x06 (TCP) 
OXFB20 (64288) 
0XC0A80101 (192.168.1.1) 
0x00000000 (0.0.0.0) 



TCP Header: 
Source Port 
Destination Port 
Sequence Number 
Ack Number 
Header Length 
Flags 

Window Size 

Checksum 
Urgent Ptr 
Options 

0000: 02 04 02 00 



0x0401 (1025) 
0X000D (13) 
0X05B8DO0O (95997952) 
0x00000000 (0) 
24 

0x02 ( . . . .S. ) 
0x2000 (8192) 

0XE06A (57450) 
0x0000 (0) 



RAW DATA: 



0000 
0010 
0020 



45 00 00 2C 00 02 00 00-FE 06 FB 20 CO A8 01 01 E. 
00 00 00 00 04 01 00 OD-05 B8 DO 00 00 00 00 00 
60 02 20 00 E0 6A 00 00-02 04 02 00 



Press any key to continue. 



Figure 9-9 Call-Triggering Packet Example 
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9.4 Diagnostic 

The diagnostic facility allows you to test the different aspects of your Prestige to determine if it is working 
properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, 
as shown next. 



Menu 24.4 - System Maintenance 


- Diagnostic 


TCP/IP 




1. Ping Host 




2. WAN DHCP Release 




3 . WAN DHCP Renewal 




4. Internet Setup Test 




System 




11. Reboot System 




Enter Menu Selection Number: 




Host IP Address- N/A 





Figure 9-10 Menu 24.4 — System Maintenance — Diagnostic 



Follow the procedure below to get to Menu 24.4 — System Maintenance — Diagnostic. 

Step 1 . From the main menu, enter 24 to open Menu 24 — System Maintenance. 

Step 2. From this menu, enter 4 to display Menu 24.4 — System Maintenance — Diagnostic. 

9.4.1 WAN DHCP 

DHCP functionality can be enabled on the LAN or WAN as shown in Figure 9-11 . The Prestige can act 
either as a WAN DHCP client (IP Address Assignment field in menu 4 or menu 1 1.3 is Dynamic and the 
Encapsulation field in menu 4 or menu 1 1 is Ethernet) or "none", i.e., you have a static IP. The WAN 
Release and Renewal fields in menu 24.4 conveniently allow you to release and/or renew the assigned WAN 
IP address, subnet mask and default gateway in a fashion similar to winipcfg. 
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DHCP 




Figure 9-11 WAN & LAN DHCP 



The following table describes the diagnostic tests available in menu 24.4 for your Prestige and the 
connections. 



Table 9-4 System Maintenance Menu Diagnostic 



NUMBER 


FIELD 


DESCRIPTION 


1 


Ping Host 


Enter 1 to ping any machine (with an IP address) on 
your LAN or WAN. Enter its IP address in the Host IP 
Addres field mentioned in the last row of this table. 


2 


WAN DHCP Release 


Enter 2 to release your WAN DHCP settings. 


3 


WAN DHCP Renewal 


Enter 3 to renew your WAN DHCP settings. The 
renewal timeout is 32 seconds. 


4 


Internet Setup Test 


Enter 4 to test the Internet Setup. You can also test 
the Internet Setup in menu 4 - Internet Access. Please 
refer to the chapter- Internet Access for more details. 


11 


Reboot System 


Enter 1 1 to reboot the Prestige. 




Host IP Address 


If you entered 1 above, then enter the IP address of 
the machine you want to ping in this field. 
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Chapter 10 

Firmware and Configuration Maintenance 

This chapter tells you how to back up and restore your configuration file as well as upload new 

firmware and a new configuration file. 

10.1 Filename Conventions 

The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus 
such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a rom filename extension. 
Once you have customized the Prestige's settings, they can be saved back to your computer under a filename 
of your choosing. 

ZyNOS (ZyXEL Network Operating System sometimes referred to as the "ras" file) is the system firmware 
and has a "bin" filename extension. With many ftp and tftp clients, the filenames are similar to those seen 
next. 

ftp> put firmware.bin ras 

This is a sample ftp session showing the transfer of the computer file " firmware.bin" to the Prestige. 
ftp> get rom-0 config.cfg 

This is a sample ftp session saving the current configuration to the computer file config.cfg. 

If your (t)ftp client does not allow you to have a destination filename different than the source, you will need 
to rename them as the Prestige only recognizes "rom-0" and "ras". Be sure you keep unaltered copies of both 
files for later use. 

The following table is a summary. Please note that the internal filename refers to the filename on the Prestige 
and the external filename refers to the filename not on the Prestige, that is, on your computer, local network 
or ftp site and so the name (but not the extension) will vary. After uploading new firmware see the ZyNOS 
F/W Version field in Menu 24.2.1 — System Maintenance — Information to confirm that you have 
uploaded the correct firmware version. The AT command is the command you enter after you press "y" when 
prompted in the SMT menu to go into debug mode. 
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Table 10-1 Filename Conventions 



FILE TYPE 


INTERNAL 
NAME 


EXTERNAL 
NAME 


DESCRIPTION 


Configuration 
File 


Rom-0 


*.rom 


This is the configuration filename on the 
Prestige. Uploading the rom-0 file replaces 
the entire ROM file system, including your 
Prestige configurations, system-related data 
(including the default password), the error log 
and the trace log. 


Firmware 


Ras 


*.bin 


This is the generic name for the ZyNOS 
firmware on the Prestige. 



10.2 Backup Configuration 

The Prestige displays different messages explaining different ways to backup, 
restore and upload files in menus 24.5, 24.6, 24. 7.1 and 24.7.2 when you use the 
serial/console port and when you telnet in. 

Option 5 from Menu 24 — System Maintenance allows you to backup the current Prestige configuration to 
your computer. Backup is highly recommended once your Prestige is functioning properly. FTP and TFTP 
are the preferred methods for backing up your current configuration to your computer since FTP and TFTP 
are faster. You can also perform backup and restore using menu 24 through the console port. Any serial 
communications program should work fine; however, you must use Xmodem protocol to perform the 
download/upload and you don't have to rename the files (see section 10.1). 

Please note that terms "download" and "upload" are relative to the computer. Download means to transfer 
from the Prestige to the computer, while upload means from your computer to the Prestige. 

10.2.1 Backup Configuration 

Follow the instructions as shown in the next screen. 
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Menu 24.5 - System Maintenance - Backup Configuration 

To transfer the configuration file to your workstation, follow the procedure 
below : 

1. Launch the FTP client on your workstation. 

2. Type "open" and the IP address of your router. Then type "root" and 
SMT password as requested. 

3. Locate the 'rom-0* file. 

4. Type 'get rom-0* to back up the current router configuration to 
your workstation. 

For details on FTP commands, please consult the documentation of your FTP 
client program. For details on backup using TFTP (note that you must remain 
in this menu to back up using TFTP) , please see your router manual. 



Press ENTER to Exit: 



Figure 10-1 Telnet in Menu 24.5 



10.2.2 Using the FTP Command from the DOS Prompt 

Step 1 . Launch the FTP client on your computer. 

Step 2. Enter "open", followed by a space and the IP address of your Prestige. 

Step 3. Press [ENTER] when prompted for a username. 

Step 4. Enter your password as requested (the default is "1234"). 

Step 5. Enter "bin" to set transfer mode to binary. 

Step 6. Use "get" to transfer files from the Prestige to the computer, for example, "get rom-0 config.rom" 
transfers the configuration file on the Prestige to your computer and renames it "config.rom". See 
earlier in this chapter for more information on filename conventions. 

Step 7. Enter "quit" to exit the ftp prompt. 
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Example of FTP Commands from the DOS Prompt 



331 Enter PASS command 

Password : 

23 0 Logged in 

ftp> bin 

200 Type I OK 

ftp> get rom-0 zyxel.rom 

200 Port command okay 

150 Opening data connection for STOR ras 
226 File received OK 

ftp: 16384 bytes sent in l.lOSeconds 297 . 89Kbytes/sec . 
ftp> quit 



Figure 10-2 FTP Session Example 

Third Party FTP Clients 

The following table describes some of the commands that you may see in third party FTP clients. 



Table 10-2 General Commands for Third Party FTP Clients 



COMMAND 


DESCRIPTION 


Host Address 


Enter the address of the host server. 


Login Type 


Anonymous. 

This is when a user I.D. and password is automatically supplied to the 
server for anonymous access. Anonymous logins will work only if your 
ISP or service administrator has enabled this option. 

Normal. 

The server requires a unique User ID and Password to login. 


Transfer Type 


Transfer files in either ASCII (plain text format) or in binary mode. 


Initial Remote Directory 


Specify the default remote directory (path). 


Initial Local Directory 


Specify the default local directory (path). 



TFTP and FTP over WAN 

TFTP, FTP and Telnet over the WAN will not work when: 



1 . You have disabled Telnet service in menu 24. 1 1 . 

2. You have applied a filter in menu 3.1 (LAN) or in menu 11.5 (WAN) to block Telnet service. 

3. The IP you entered in the Secured Client IP field in menu 24. 1 1 does not match the client IP. If it does 
not match, the Prestige will disconnect the Telnet session immediately. 

4. You have an SMT console session running. 
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10.2.3 Backup Configuration Using TFTP 

The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File 
Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. 

To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, 
follow the procedure shown next. 

Step 1 . Use telnet from your computer to connect to the Prestige and log in. Because TFTP does not have 
any security checks, the Prestige records the IP address of the telnet client and accepts TFTP 
requests only from this address. 

Step 2. Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 — System 
Maintenance. 

Step 3. Enter command "sys stdio 0" to disable the SMT timeout, so the TFTP transfer will not be 

interrupted. Enter command "sys stdio 5" to restore the five-minute SMT timeout (default) when 
the file transfer is complete. 

Step 4. Launch the TFTP client on your computer and connect to the Prestige. Set the transfer mode to 
binary before starting data transfer. 

Step 5. Use the TFTP client (see the example below) to transfer files between the Prestige and the 
computer. The file name for the configuration file is "rom-0" (rom-zero, not capital o). 

Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer. 
For details on TFTP commands (see following example), please consult the documentation of your TFTP 
client program. For UNIX, use "get" to transfer from the Prestige to the computer and "binary" to set binary 
transfer mode. 

10.2.4 TFTP Command Example 

The following is an example tftp command: 

TFTP [-i] host get rom-0 config.rom 

where "i" specifies binary image transfer mode (use this mode when transferring binary files), "host" is the 
Prestige IP address, "get" transfers the file source on the Prestige (rom-0 name of the configuration file on 
the Prestige) to the file destination on the computer and renames it config.rom. 

Third Party TFTP Clients 

The following table describes some of the fields that you may see in third party TFTP clients. 
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Table 10-3 General Commands for Third Party TFTP Clients 



COMMAND 


DESCRIPTION 


Host 


Enter the IP address of the Prestige. 192.168.1.1 is the Prestige's 
default IP address when shipped. 


Send/Fetch 


Use "Send" to upload the file to the Prestige and "Fetch" to back up 
the file on your computer. 


Local File 


Enter the path and name of the firmware file (*.bin extension) or 
configuration file (*.rom extension) on your computer. 


Remote File 


This is the filename on the Prestige. The filename for the firmware is 
"ras" and for the configuration file, is "rom-0". 


Binary 


Transfer the file in binary mode. 


Abort 


Stop transfer of the file. 



Refer to the TFTP and FTP over WAN section to read about configurations that disallow TFTP and FTP to 
work over WAN. 

10.2.5 Backup Via Console Port 

Backup configuration via console port by following the HyperTerminal procedure shown next. Procedures 
using other serial communications programs should be similar. 

Step 1 . Display menu 24.5 and enter "y" at the following screen. 

Ready to backup Configuration via Xmodem. 
Do you want to continue (y/n) : 

Figure 10-3 System Maintenance — Backup Configuration 
Step 2. The following screen indicates that the Xmodem download has started. 

You can enter ctrl-x to terminate operation any time. 
Starting XMODEM download. . . 

Figure 10-4 System Maintenance — Starting Xmodem Download Screen 

Step 3. Run the HyperTerminal program by clicking Transfer, then Receive File as shown in the 
following screen. 
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'• Receive File 



Place received file in the following]. 
|CAProducf\config.rorm| 

Use receiving protocol: 



Type a location for 
storing the configuration 
file or click Browse to 
look for one. 



Choose the Xmodem 
protocol. 



Then click Receive. 



Figure 10-5 Backup Configuration Example 

Step 4. After a successful backup you will see the following screen. Press any key to return to the SMT 
menu. 



** Backup Configuration completed. OK. 
### Hit any key to continue. ### 



Figure 10-6 Successful Backup Confirmation Screen 




10.3 Restore Configuration 

This section shows you how to restore a previously saved configuration. Note that this function erases the 
current configuration before restoring a previous back up configuration; please do not attempt to restore 
unless you have a backup configuration file stored on disk. 

FTP and TFTP are the preferred methods for restoring your current computer configuration to your Prestige 
since FTP and TFTP are faster. Please note that you must restart the system after the file transfer is 
complete. 

WARNING! 

Do not interupt the file transfer process as this may PERMANENTLY DAMAGE 
YOUR PRESTIGE. When the Restore Configuration process is complete, the 
Prestige will automatically restart. 
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10.3.1 Restore Using FTP or TFTP 

For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this 
chapter. 

Menu 24.6 -- System Maintenance - Restore Configuration 

To transfer the firmware and configuration file to your workstation, follow the 
procedure below: 

1. Launch the FTP client on your workstation. 

2. Type "open" and the IP address of your router. Then type "root" and 
SMT password as requested. 

3. Type "put backupf ilename rom-0" where backupf ilename is the name of 
your backup configuration file on your workstation and rom-spt is the 
remote file name on the router. This restores the configuration to 
your router. 

4. The system reboots automatically after a successful file transfer 

For details on FTP commands, please consult the documentation of your FTP 
client program. For details on backup using TFTP {note that you must remain 
in this menu to back up using TFTP) , please see your router manual. 

Press ENTER to Exit: 

Figure 10-7 Telnet into Menu 24.6 

Step 1 . Launch the FTP client on your computer. 

Step 2. Enter "open", followed by a space and the IP address of your Prestige. 

Step 3. Press [ENTER] when prompted for a username. 

Step 4. Enter your password as requested (the default is "1234"). 

Step 5. Enter "bin" to set transfer mode to binary. 

Step 6. Find the "rom" file (on your computer) that you want to restore to your Prestige. 

Step 7. Use "put" to transfer files from the Prestige to the computer, for example, "put config.rom rom-0" 
transfers the configuration file on the Prestige to your computer and renames it "config.rom". See 
earlier in this chapter for more information on filename conventions. 

Step 8. Enter "quit" to exit the ftp prompt. The Prestige will automatically restart after a successful 
restore process. 
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Restore Using FTP or TFTP Session Example 



ftp> put config.rom rom-0 
200 Port command okay 

150 Opening data connection for STOR rom-0 

226 File received OK 

221 Goodbye for writing flash 

ftp: 16384 bytes sent in 0.06Seconds 273 . 07Kbytes/sec . 
f tp>quit 



Figure 10-8 Restore Using FTP or TFTP Session Example 

Refer to the TFTP and FTP over WAN section to read about configurations that disallow TFTP and FTP to 
work over WAN. 



10.3.2 Restore Via Console Port 

Restore configuration via console port by following the HyperTerminal procedure shown next. Procedures 
using other serial communications programs should be similar. 

Step 1 . Display menu 24.6 and enter "y" at the following screen. 



Step 2. 



Ready to restore Configuration via Xmodem. 
Do you want to continue (y/n) : 



Figure 10-9 System Maintenance — Restore Configuration 

The following screen indicates that the Xmodem download has started. 



Starting XMODEM download (CRC mode) 
CCCCCCCCC 




Figure 10-10 System Maintenance — Starting Xmodem Download Screen 



Step 3. Run the HyperTerminal program by clicking Transfer, then Receive File as shown in the 
following screen. 
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Type the configuration 
file's location, or click 
Browse to search for it. 



Choose the Xmodem 
protocol. 



Then click Send. 



Figure 10-11 Restore Configuration Example 

Step 4. After a successful restoration you will see the following screen. Press any key to restart the 
Prestige and return to the SMT menu. 



Save to ROM 

Hit any key to start system reboot . 



Figure 10-12 Successful Restoration Confirmation Screen 

10.4 Uploading Firmware and Configuration Files 

This section shows you how to upload firmware and configuration files. You can upload configuration files 
by following the procedure in the previous Restore Configuration section or by following the instructions in 
Menu 24.7.2 — System Maintenance — Upload Router Configuration File (for console port). 



WARNING! 

DO NOT INTERUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY 
DAMAGE YOUR PRESTIGE. 

10.4.1 Firmware File Upload 

FTP is the preferred method for uploading the firmware and configuration. To use this feature, your 
computer must have an FTP client. 

When you telnet into the Prestige, you will see the following screens for uploading firmware and the 
configuration file using FTP. 



' Send File 



Folder: C:\Prograrm Files 
Filename: 




|CAProduct\corifig.rorm """" 




Browse.. 


T 


Protocol: . 


JXnnodem 








J 










Send 


CluiB 


I Uancel 
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Menu 24.7.1 - System Maintenance - Upload System Firmware 

To upload the system firmware , follow the procedure below : 

1. Launch the FTP client on your workstation. 

2 . Type " open" and the IP address of your system . Then type "root 11 and 
SMT password as requested. 

3 . Type "put f irmwaref ilename ras " where 11 f irmwaref ilename " is the name 
of your firmware upgrade file on your workstation and "ras" is the 
remote file name on the system . 

4. The system reboots automatically after a successful firmware upload. 



For details on FTP commands , please consult the documentation of your FTP 
client program . For details on uploading system firmware using TFTP (note 
that you must remain on this menu to upload system firmware using TFTP) , 
please see your manual. 

Press ENTER to Exit: 



Figure 10-13 Telnet Into Menu 24.7.1 — Upload System Firmware 



10.4.2 Configuration File Upload 

You see the following screen when you telnet into menu 24.7.2. 



Menu 24.7.2 - System Maintenance - Upload System Configuration File 
To upload the system configuration file, follow the procedure below: 

1. Launch the FTP client on your workstation. 

2. Type "open" and the IP address of your system. Then type "root" and 
SMT password as requested. 

3 . Type "put conf igurationf ilename rom- 0 " where " conf igurationf ilename " 

is the name of your system configuration file on your workstation, which 
will be transferred to the " rom- 0 " file on the system. 

4. The system reboots automatically after the upload system configuration 
file process is complete. 

For details on FTP commands, please consult the documentation of your FTP 
client program. For details on uploading system firmware using TFTP (note 
that you must remain on this menu to upload system firmware using TFTP) , 
please see your manual. 

Press ENTER to Exit: 



Figure 10-14 Telnet Into Menu 24.7.2 — System Maintenance 

To upload the firmware and the configuration file, follow these examples: 
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FTP File Upload Command from the DOS Prompt Example 
Step 1 . Launch the FTP client on your computer. 

Step 2. Enter "open", followed by a space and the IP address of your Prestige. 

Step 3. Press [ENTER] when prompted for a username. 

Step 4. Enter your password as requested (the default is "1234"). 

Step 5. Enter "bin" to set transfer mode to binary. 

Step 6. Use "put" to transfer files from the computer to the Prestige, for example, put firmware.bin ras 
transfers the firmware on your computer (firmware.bin) to the Prestige and renames it "ras". 
Similarly put config.rom rom-0 transfers the configuration file on your computer (config.rom) to 
the Prestige and renames it "rom-0". Likewise get rom-0 config.rom transfers the configuration 
file on the Prestige to your computer and renames it "config.rom." See earlier in this chapter for 
more information on filename conventions. 

Step 7. Enter "quit" to exit the ftp prompt. 

FTP Session Example of Firmware File Upload 

331 Enter PASS command 

Password : 

230 Logged in 

ftp> bin 

200 Type I OK 

ftp> put firmware.bin ras 

2 00 Port command okay 

150 Opening data connection for STOR ras 
226 File received OK 

ftp: 1103936 bytes sent in l.lOSeconds 297 . 89Kbytes/sec . 
ftp> quit 

Figure 10-15 FTP Session Example of Firmware File Upload 

More commands (found in third party FTP clients), are listed earlier in this chapter. 

Refer to the TFTP and FTP over WAN section to read about configurations that disallow TFTP and FTP to 
work over WAN. 

10.4.3 TFTP File Upload 

The Prestige also supports the uploading of firmware files using TFTP (Trivial File Transfer Protocol) over 
LAN. Although TFTP should work over WAN as well, it is not recommended. 

To use TFTP, your computer must have both telnet and TFTP clients. To transfer the firmware and the 
configuration file, follow the procedure shown next. 
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Step 1 . Use telnet from your computer to connect to the Prestige and log in. Because TFTP does not have 
any security checks, the Prestige records the IP address of the telnet client and accepts TFTP 
requests only from this address. 

Step 2. Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 — System 
Maintenance. 

Step 3. Enter the command "sys stdio 0" to disable the console timeout, so the TFTP transfer will not be 
interrupted. Enter "command sys stdio 5" to restore the five-minute console timeout (default) 
when the file transfer is complete. 

Step 4. Launch the TFTP client on your computer and connect to the Prestige. Set the transfer mode to 
binary before starting data transfer. 

Step 5. Use the TFTP client (see the example below) to transfer files between the Prestige and the 
computer. The file name for the firmware is "ras". 

Note that the Telnet connection must be active and the Prestige in CI mode before and during the TFTP 
transfer. For details on TFTP commands (see following example), please consult the documentation of your 
TFTP client program. For UNIX, use "get" to transfer from the Prestige to the computer, "put" the other way 
around, and "binary" to set binary transfer mode. 

TFTP Upload Command Example 

The following is an example tftp command: 

TFTP [-i] host put firmware.bin ras 

where "i" specifies binary image transfer mode (use this mode when transferring binary files), "host" is the 
Prestige's IP address, "put" transfers the file source on the computer (firmware.bin - name of the firmware 
on the computer) to the file destination on the remote host (ras - name of the firmware on the Prestige). 

Commands that you may see in third party TFTP clients are listed earlier in this chapter. 



10.4.4 Uploading Via Console Port 

FTP or TFTP are the preferred methods for uploading firmware to your Prestige. However in the event of 
your network being down, uploading files is only possible with a direct connection to your Prestige via the 
console port. Uploading files via the console port under normal conditions is not recommended since FTP or 
TFTP is faster. Any serial communications program should work fine; however, you must use the Xmodem 
protocol to perform the download/upload. 

Uploading a Firmware File Via Console Port 

Step 1 . Select 1 from Menu 24.7 — System Maintenance — Upload Firmware to display Menu 24.7.1 
— System Maintenance — Upload Router Firmware, then follow the instructions as shown in 
the following screen. 
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Menu 24.7.1 - System Maintenance - Upload Router Firmware 



To upload router firmware : 

1 . Enter " y" at the prompt below to go into debug mode . 

2 . Enter "atur" after "Enter Debug Mode" message . 

3. Wait for "Starting XMODEM upload" message before activating 
Xmodem upload on your terminal . 

4 . After successful firmware upload, enter "at go " to restart the 
router . 

Warning : Proceeding with the upload will erase the current router 
firmware . 

Do You Wish To Proceed: (Y/N) 



Figure 10-16 Menu 24.7.1 as seen using the Console Port 

Step 2. After the "Starting Xmodem upload" message appears, activate the Xmodem protocol on your 
computer. Follow the procedure as shown previously for the HyperTerminal program. The 
procedure for other serial communications programs should be similar. 

Example Xmodem Firmware Upload Using HyperTerminal 

Click Transfer, then Send File to display the following screen. 



i Send File 



Folder: C:\Prograrm Files 
Filename: 




Type the firmware file's 
location, or click 
Browse to look for it. 



Choose the Xmodem 
protocol. 



Then click Send. 



Figure 10-17 Example Xmodem Upload 

After the firmware upload process has completed, the Prestige will automatically restart. 
Uploading a Configuration File Via Console Port 

Step 1 . Select 2 from Menu 24.7 — System Maintenance — Upload Firmware to display Menu 24.7.2 
— System Maintenance — Upload Router Configuration File. Follow the instructions as 
shown in the next screen. 
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Menu 24.7.2 - System Maintenance - Upload Router Configuration File 



To upload router configuration file: 

1 . Enter "y" at the prompt below to go into debug mode . 

2. Enter "atlc" after "Enter Debug Mode" message. 

3. Wait for "Starting XMODEM upload" message before activating 
Xmodem upload on your terminal . 

4. After successful firmware upload, enter "atgo" to restart the 
router . 

Warning : 

1. Proceeding with the upload will erase the current 
configuration file . 

2 . The router 1 s console port speed {Menu 24.2.2} may change 
when it is restarted; please adjust your terminal's speed 
accordingly. The password may change (menu 23), also. 

3 . When uploading the DEFAULT configuration f ile , the console 
port speed will be reset to 9600 bps and the password to 
"12 3 4 " . 

Do You Wish To Proceed: (Y/N) 



Figure 10-18 Menu 24.7.2 as seen using the Console Port 

Step 2. After the "Starting Xmodem upload" message appears, activate the Xmodem protocol on your 
computer. Follow the procedure as shown previously for the HyperTerminal program. The 
procedure for other serial communications programs should be similar. 

Step 3. Enter "atgo" to restart the Prestige. 



Example Xmodem Configuration Upload Using HyperTerminal 

Click Transfer, then Send File to display the following screen. 
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' Send File 



Folder: C:\Prograrm Files 
Filename: 

|CAProduct\corifig.rom 



Protocol: 



I Xmodem 




Type the configuration 
file's location, or click 
Browse to search for it. 



Choose the Xmodem 
protocol. 

Then click Send. 



Figure 10-19 Example Xmodem Upload 

After the configuration upload process has completed, restart the Prestige by entering "atgo". 
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Chapter 11 

System Maintenance and Information 

This chapter leads you through SMT menus 24.8 to 24.11. 

11.1 Command Interpreter Mode 

The Command Interpreter (CI) is a part of the main router firmware. The CI provides much of the same 
functionality as the SMT, while adding some low-level setup and diagnostic functions. The CI can be entered 
from the SMT by selecting menu 24.8. Access can be either by Telnet or by a serial connection to the console 
port, although some commands are only available with a serial connection. See the support CD or the 
zyxel.com web site for more detailed information on CI commands. Enter 8 from Menu 24 — System 
Maintenance. A list of valid commands can be found by entering "help" or "?" at the command prompt. 
Type "exit" and press [ENTER] to return to the SMT main menu when finished. 

I : 1 

Menu 24 - System Maintenance 

1. System Status 

2 . System Information and Console Port Speed 

3 . Log and Trace 

4 . Diagnostic 

5 . Backup Configuration 

6 . Restore Configuration 

7 . Firmware Update 

< n Command Interpreter Mc ,";|" > 

9. Call Control 

10. Time and Date Setting 

11. Remote Management Setup 



Enter Menu Selection Number: 

Figure 11-1 Command Mode in Menu 24 
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Copyright (c) 1994 - 2002 ZyXEL Communications Corp. 
ras> ? 

Valid commands are : 

sys exit device ether 

poe config ip ppp 

hdap 



ras> 




Figure 11-2 Valid Commands 



11.2 Call Control Support 



The Prestige provides two call control functions: budget management and call history. Please note that this 
menu is only applicable when Encapsulation is set to PPPoE or PPTP in menu 4 or menu 11.1. 

The budget management function allows you to set a limit on the total outgoing call time of the Prestige 
within certain times. When the total outgoing call time exceeds the limit, the current call will be dropped and 
any future outgoing calls will be blocked. 

Call history chronicles preceding incoming and outgoing calls. 

To access the call control menu, enter 9 in menu 24 to display Menu 24.9 — System Maintenance — Call 
Control, as shown in the next table. 



11.2.1 Budget Management 

Menu 24.9. 1 shows the budget management statistics for outgoing calls. Enter 1 from Menu 24.9 — System 
Maintenance — Call Control to bring up the following menu. 



Menu 24.9 - System Maintenance - Call Control 



1 . 
2 . 



Budget Management 
Call History 



Enter Menu Selection Number: 



Figure 11-3 Call Control 
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Menu 24.9.1 - Budget Management 

Remote Node Connection Time/Total Budget Elapsed Time/Total Period 

1. ChangeMe No Budget No Budget 



Reset Node (0 to update screen) : 



Figure 11-4 Budget Management 

The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this 
limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked. After 
each period, the total budget is reset. The default for the total budget is 0 minutes and the period is 0 hours, 
meaning no budget control. You can reset the accumulated connection time in this menu by entering the 
index of a remote node. Enter 0 to update the screen. The budget and the reset period can be configured in 
menu 11.1 for the remote node. 



Table 11-1 Budget Management 



FIELD 


DESCRIPTION 


EXAMPLE 


Remote Node 


Enter the index number of the remote node you 
want to reset (just one in this case) 


1 


Connection Time/Total 
Budget 


This is the total connection time that has gone by 
(within the allocated budget that you set in menu 
11.1. 


5/10 means that 5 
minutes out of a 
total allocation of 
10 minutes have 
lapsed. 


Elapsed Time/Total 
Period 


The period is the time cycle in hours that the 
allocation budget is reset (see menu 11.1.) The 
elapsed time is the time used up within this period. 


0.5/1 means that 
30 minutes out of 
the 1 hour time 
period has lapsed. 


Enter "0" to update the screen or press [ESC] to return to the previous screen. 



11.2.2 Call History 

Menu 24.9 — System Maintenance — Call Control displays information about past incoming and 
outgoing calls. Enter 2 from Menu 24.9 — System Maintenance — Call Control to bring up the following 
menu. 
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Menu 24.9.2 - Call History 

Phone Number Dir Rate #call Max Min Total 

1 . 

2 . 

3 . 

4 . 

5 . 

6 . 

7 . 

8 . 

9 . 
10 . 

Enter Entry to Delete (0 to exit) : 


Figure 11-5 Call History 



Table 11-2 Call History Fields 



Phone Number 


The PPPoE service names are shown here. 


Dir 


This shows whether the call was incoming or outgoing. 


Rate 


This is the transfer rate of the call. 


#call 


This is the number of calls made to or received from that telephone 
number. 


Max 


This is the length of time of the longest telephone call. 


Min 


This is the length of time of the shortest telephone call. 


Total 


This is the total length of time of all the telephone calls to/from that 
telephone number. 


You may enter an entry number to delete it or '"0" to exit. 



11.3 Time and Date Setting 

There is no Real Time Chip (RTC) in the Prestige, so there is a software mechanism to set the time manually 
or get the current time and date from an external server when you turn on your Prestige. Menu 24.10 allows 
you to update the time and date settings of your Prestige. The real time is then displayed in the Prestige error 
logs and firewall logs. If you do not choose a time service protocol that your timeserver will send when you 
turn on the Prestige, then you can enter the time manually but each time the system is booted, the time and 
date will be reset to 2000/01/01 00:00:00. 

Select menu 24 in the main menu to open Menu 24 — System Maintenance, as shown next. 
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Menu 24 - System Maintenance 

1. System Status 

2. System Information and Console Port Speed 

3 . Log and Trace 

4 . Diagnostic 

5 . Backup Configuration 

6 . Restore Configuration 

7 . Upload Firmware 

8 . Command Interpreter Mode 

9__ ball control 

< Sr£^ _Time and Date Setting 

11 . Remote Management Setup 



Enter Menu Selection Number: 



Figure 11-6 Menu 24 — System Maintenance 

Then enter 10 to go to Menu 24.10 — System Maintenance — Time and Date Setting to update the time 
and date settings of your Prestige as shown in the following screen. 



Menu 24.10 - System Maintenance - Time and Date Setting 



Use Time Server when Bootup= None 
Time Server IP Address^ N/A 



Current Time: 

New Time (hh:mm:ss) : 

Current Date : 

New Date (yyyy-mm-dd) 

Time Zone= GMT 

Daylight Saving- No 
Start Date (mm-dd) : 
End Date (mm dd) : 



00:00 
11 : 23 



00 
16 



2000 - 01 

2001 - 03 



01 
01 



01 
01 



01 
01 



Press ENTER to Confirm or ESC to Cancel: 



Figure 11-7 Menu 24.10 System Maintenance — Time and Date Setting 



Table 11-3 Time and Date Setting Fields 



FIELD 



DESCRIPTION 



Use Time Server 
when Bootup 



Enter the time service protocol that your time server sends when you turn on the 
Prestige. Not all time servers support all protocols, so you may have to check with 
your ISP/network administrator or use trial and error to find a protocol that works. 
The main differences between them are the format. 

Daytime (RFC 867) format is day/month/year/time zone of the server. 
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FIELD 


DESCRIPTION 




Time (RFC-868) format displays a 4-byte integer giving the total number of 
seconds since 1970/1/1 at 0:0:0. 

NTP (RFC-1305) is similar to Time (RFC-868). 

None is the default value. Enter the time manually. Each time you turn on the 
Prestige, the time and date will be reset to 2000-1-1 0:0:0. 


Time Server IP 
Address 


Enter the IP address or domain name (DNS) of your time server. 

Check with your ISP/network administrator if you are unsure of this information. 


^UIICIU I line 

New Time 


1 Mlb MclU Ulbpidyb dll UpudlGU Ullle Only Wllell yOU IccFllcl Llllb [TlcIlU. 

Enter the new time in hour, minute and second format. 


Current Date 
New Date 


This field displays an updated date only when you reenter this menu. 
Enter the new date in year, month and day format. 


Time Zone 


Press [SPACE BAR] to set the time difference between your time zone and 

orccllWIOIl IVIedM 1 line ^OIVI 1 ). 


Daylight Saving 
Start Date 
End Date 


If you use daylight savings time, then choose Yes. 

If using daylight savings time, enter the month and day that it starts on. 

If using daylight savings time, enter the month and day that it ends on 


Once you have filled in this menu, press [ENTER] at the message "Press ENTER to Confirm or ESC to 
Cancel" to save your configuration, or press [ESC] to cancel. 



11.3.1 Resetting the Time 

The Prestige resets the time in three instances: 

i. On leaving menu 24. 10 after making changes. 

ii. When the Prestige starts up, if there is a time server configured in menu 24. 10. 

iii. 24-hour intervals after starting. 
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Chapter 12 
Internal SPTGEN 

Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient 
configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at 
the same time using just one configuration text file - eliminating the need to navigate and configure 
individual SMT menus for each Prestige. 

12.1 The Configuration Text File Format 

All Internal SPTGEN text files conform to the following format: 

<field identification number = field name = parameter values allowed = 
input > , 

where < input > is your input conforming to <parameter values allowed>. 
The figure shown next is an example of an Internal SPTGEN text file. 
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This is the name 
of the menu. 



This is the Field Name column. 
This is the name of the field as 
seen in the corresponding SMT 
screen. Example: Conf 



One "=" sign, followed by 
one space, must precede 
everything you input. 




Menu 1 General Setu^^ 



100000000 
100000001 
100000004 
100000007 
100000009 
100000010 



Configured 
System Name 
Route IP 

Domain Name Configured 
Domain Name Manual 
Domain Name 



<0 (No) 


1 (Yes) > 


<Str> 




<0 (No) 


1 (Yes) > 


<0:No 


1 : Yes> 


< 0 : No 


1 : Yes> 


<Str> 





This is the Field 
Identification Number 

column. 
This column 
numerically identifies 
the Field Name column 
entries. 

Example: 100000000 



This is the Parameter Values 

Allowed column. 

This column defines acceptable 

parameters. Parameters are usually 

numbers, but can sometimes be 

strings (<Str> indicates a string). All 

parameters should be entered in the 

Input column. 

Example: <0(No) | l(Yes)> 



The Input column. 
Input values to the 
right of the "=" 
sign. 

Make sure one 
equal sign, 
followed by one 
space, precedes 
your input. 



Figure 12-1 Configuration Text File Format — Column Descriptions 



DO NOT alter or delete any field except parameters in the Input column. 

For more text file examples, refer to the Internal SPTGEN appendix. 

12.1.1 Internal SPTGEN File Modification - Important Points to Remember 

• Entries in the Input column must not exceed 40 characters per line. If your input exceeds this limit, 
make sure you press [ENTER] to start a new line. 

• Each parameter you enter must be preceded by one "-'sign and one space. 

• Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 
(see Figure 12-1), then you disable every field in this menu. 
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12.2 Internal SPTGEN FTP Download Example 



1. Launch your FTP application. 


\ 




2. Enter "bin". 
The command "bin" sets the 
transfer mode to binary. The name 
"*.bin" is the generic name for the 
ZyNOS firmware on the Prestige. 


) 


/-c:\ftp 192.168.1.1 
220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 
2000 

^ User (192 . 168 . 1 . 1 : (none) ) : 

331 Enter PASS command 
. Password: 
\v2 3 0 Logged in 

\ ftp>bin 

r 2 00 Type I OK 



3. Get "rom-t" file. 

The command "get" transfers files 

from the Prestige to your 

computer. The name "*. rom-t" is 

the configuration filename on the 

Prestige. 




f tp>bye 
""c:\edit rom-t 
(edit the rom-t text file by a text editor and save 
it) 



4. Edit the "rom-t" file using a text editor (do not use a 
word processor). You must leave this FTP screen to edit. 



Figure 12-2 Internal SPTGEN FTP Download Example 



You can rename your "rom-t" file when you save it to your computer but it must be 
named "rom-t" when you upload it to your Prestige. 
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12.3 Internal SPTGEN FTP Upload Example 



1 . Launch your FTP application. 



X 



2. Enter "bin". The command "bin" 
sets the transfer mode to binary. 
The name "*.bin" is the generic 
name for the ZyNOS firmware on 
the Prestige. 



3. Upload your "rom-t" file from 
your computer to the Prestige 
using the "put" command, 
computer to the Prestige. 




^-c:\ftp 192.168.1.1 

220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 
2000 

User (192 . 168 . 1 . 1 : (none) ) : 
331 Enter PASS command 
Password : 
230 Logged in 



Uf tp>bin 
L 200 Typi 




4. Exit this FTP application. 



Figure 12-3 Internal SPTGEN FTP Upload Example 
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Chapter 13 
Remote Management 

This chapter covers remote management (SMT menu 24. 11). 



13.1 Telnet 



The only way to configure the Prestige for remote management is through an SMT session using the console 
port. Once your Prestige is configured, you can use telnet to configure it remotely as shown next. 




User telnets 
into the LAN 
via the Prestige 



Figure 13-1 Telnet Configuration on a TCP/IP Network 



13.2 FTP 



You can upload and download Prestige firmware and configuration files using FTP - please see Chapter 10 
for details. To use this feature, your computer must have an FTP client. 

13.3 Web 

You can use the Prestige's embedded web configurator for configuration and file management. See the Read 
Me First to learn how to access the web configurator. 



13.4 SNMP 

Simple Network Management Protocol is a protocol used for exchanging management information between 
network devices. Your Prestige supports SNMP agent functionality, which allows a manager station to 
manage and monitor the Prestige through the network. Refer to the SNMP chapter for more information. 
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13.5 DNS 

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for 
example, the IP address ofwww.zyxel.com is 204.217.0.2. Refer to the Internet Access chapter for more 
information. 

13.6 Remote Management 

To disable remote management of a service, select Disable in the corresponding Server Access field. 

Enter 1 1 from menu 24 to bring up Menu 24.11 — Remote Management Control. Remote Management 
Setup 

Remote management setup is for managing Telnet, FTP, Web, SNMP and DNS services. You can customize 
the service port, access interface, and the secured client IP address to enhance security and flexibility. 

You may manage your Prestige from a remote location via: 

the Internet (WAN only), the LAN only, All (LAN and WAN) or Disable (neither). 

> WAN only (Internet) > ALL (LAN and WAN) 

> LAN only > Disable (Neither) 

If you enable remote management of a service, but have applied a filter to block the 
service, then you will not be able to remotely manage the service. 

Enter 11, from menu 24, to display Menu 24.11 — Remote Management Control (shown next). 
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Menu 24.11 - Remote Management Control 



TELNET Server: Port = 23 Access = LAN only 

Secured Client IP = 0.0.0.0 

FTP Server: Port =21 Access = LAN only 

Secured Client IP = 0.0.0.0 

Web Server: Port = 8 0 Access = LAN only 

Secured Client IP = 0.0.0.0 

SNMP Service: Port = 161 Access = LAN only 

Secured Client IP = 0.0.0.0 

DNS Service: Port = 53 Access = LAN only 

Secured Client IP = 0.0.0.0 



Press ENTER to Confirm or ESC to Cancel: 



Figure 13-2 Menu 24.11 — Remote Management Control 



Table 13-1 Menu 24.11 — Remote Management Control 



FIELD 


DESCRIPTION 




Telnet Server 
FTP Server 
Web Server 
SNMP Service 
DNS Service 


These read-only labels denote the kind of server/service that you 
may remotely manage. 




Port 


You may change the service port number for corresponding 
servers/service in this field. 


23 


Access 


Select the access interface (if any) by pressing the [SPACE BAR]. 
Choices are: LAN only, WAN only, All or Disable. The default is 
LAN only. 


LAN only 


Secured Client IP 


The default value for Secured Client IP is 0.0.0.0, which means 
you don't care which host is trying to use a service (Telnet, FTP, 
Web, SNMP or DNS). 

If you enter an IP address in this field, the Prestige will check if the 
client IP address matches the value here when a (Telnet, FTP, 
Web, SNMP or DNS) session is up. If it does not match, the 
Prestige will disconnect the session immediately. 


0.0.0.0 


Once you have filled in this menu, press [ENTER] at the message "Press ENTER to Confirm or ESC to 
Cancel" to save your configuration, or press [ESC] to cancel. 
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13.6.1 Remote Management Limitations 

Remote management over LAN or WAN will not work when: 

1 . A filter in menu 3 . 1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web 
service. 

2. You have disabled that service in menu 24. 11. 

3. The IP address in the Secured Client IP field (menu 24.1 1) does not match the client IP address. If 
it does not match, the Prestige will disconnect the session immediately. 

4. There is an SMT console session running. 

5. There is already another remote management session of the same type (web, FTP or Telnet) 
running. You may only have one remote management session of the same type running at one time. 

6. There is a web remote management session running with a Telnet session. A Telnet session will be 
disconnected if you begin a web session; it will not begin if there already is a web session. 

13.7 Remote Management and NAT 

When NAT is enabled: 

> Use the Prestige's WAN IP address when configuring from the WAN. 

> Use the Prestige's LAN IP address when configuring from the LAN. 

13.8 System Timeout 

There is a system timeout of five minutes (300 seconds) for either the console port or Telnet/web/FTP 
connections. Your Prestige will automatically log you out if you do nothing in this timeout period, except 
when it is continuously updating the status in menu 24.1 or when sys stdio has been changed on the 
command line. 
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Chapter 14 
Call Scheduling 

This chapter shows you how to setup call time periods for remote nodes. 

14.1 Introduction 

The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node 
should be called and for how long. This feature is similar to the scheduler in a video cassette recorder (you 
can record programs at times that you specify). You can apply up to four schedule sets in Menu 11.1 — 
Remote Node Profile. 

14.2 Schedule Setup 

From the main menu, enter 26 to access Menu 26 — Schedule Setup as shown next. 





Menu 


2 6 - Schedule Setup 


Schedule 




Schedule 


Set # 


Name 


Set # Name 


1 




7 


2 




8 


3 




9 


4 




10 


5 




11 


6 




12 




Enter Schedule 


Set Number to Configure= 




Edit Name= 






Press ENTER to 


Confirm or ESC to Cancel : 



Figure 14-1 Schedule Setup 



Lower numbered sets take precedence over higher numbered sets thereby avoiding scheduling conflicts. For 
example, if sets 1, 2 ,3 and 4 in are applied in the remote node then set 1 will take precedence over set 2, 3 
and 4 as the Prestige, by default, applies the lowest numbered set first. Set 2 will take precedence over set 3 
and 4, and so on. 

You can design up to 12 schedule sets but you can only apply up to four schedule sets for a remote node. 
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To delete a schedule set, enter the set number and press the [SPACE BAR] in the 




14.3 Schedule Set Setup 

To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12), press [ENTER] and 
then type in a name for the set. Press [ENTER] to display Menu 26.1 — Schedule Set Setup as shown next. 



Menu 26.1 - Schedule Set Setup 
Active^ Yes 

Start Date (yyyy/mra/dd) = 2000 - 07 - 01 
How Often= Once 
Once : 

Date (yyyy/mm/dd) = 2001 - 01 - 01 
Weekdays : 

Sundays N/A 

Monday^ N/A 

Tuesday^ N/A 

Wednesday^ N/A 

Thursday^ N/A 

Fridays N/A 

Saturday^ N/A 
Start Time (hh:mm)= 12 : 00 
Duration (hh:mm)= 10 : 00 
Action- Forced On 

Press ENTER to Confirm or ESC to Cancel : 



Figure 14-2 Schedule Set Setup 

If a connection has been already established, your Prestige will not drop it. Once the connection is dropped 
manually or it times out, then that remote node can't be triggered again until the time period configured in the 
Duration field expires. 



Table 14-1 Schedule Set Setup Fields 



FIELD 


DESCRIPTION 


EXAMPLE 


Active 


Choose Yes to activate and No to deactivate the schedule set. 


Yes 

(default) 


Start Date 


Enter the start date that you wish the set to take effect in year - 
month-day format. Valid dates are from the present to February 5, 
2036. 


2000-07-01 


How Often 


Should this schedule set recur weekly or be used just once? 
Choose Once or Weekly. Both these options are mutually 
exclusive. If Once is selected, then all weekday settings are N/A. 


Once 

(default) 
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FIELD 


DESCRIPTION 


EXAMPLE 




When Once is selected, the schedule rule deletes automatically 
after the scheduled time elapses. 




Once: 
Date 


If you select Once in the How Often field above, enter the date the 

set should activate in year-month-day format. 

If you select Weekly in the How Often field above, this field is 

N/A. 


2001 -01 -01 


Weekday: 
Day 


If you select Weekly in the How Often field above, then choose the 
day(s) the set should activate (and recur). Individual Day 
parameters are active when their fields read Yes and inactive when 
their fields read No or N/A. 


N/A 

(default) 


Start Time 


Enter the start time that you wish the schedule set to take effect in 
hour : minute format. 


12 : 00 


Duration 


Enter the maximum duration allowed in hour : minute format for this 
scheduled connection. 


10 : 00 


Action 


Choose an action. Choices are: 

Forced On means that the connection is maintained whether or not 
there is a demand call on the line and will persist for the time period 
specified in the Duration field. 

Forced Down means that the connection is blocked whether or not 
there is a demand call on the line. 

Enable Dial-On-Demand means that this schedule permits a 
demand call on the line. 

Disable Dial-On-Demand means that this schedule prevents a 
demand call on the line. 


Forced On 



14.4 Applying Schedule Sets to Remote Nodes 

Once your schedule sets are configured, you must apply them to the desired remote node(s). Enter 11 from 
the main menu and, using the [SPACE BAR], select PPPoE or PPTP in the Encapsulation field. Enter your 
target remote node index number(s) in the Schedules field, as shown next. 
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Menu 11.1 - Remote Node Profile 



Rem Node Name= 
Active= Yes 



ChangeMe 



Standard 



ervice Typ e= 
Service Name- 
Outgoing : 
Rem Login- 
Rem Password= 
Outgoing : 
My Login- 

My Password^ ******** 
Authen= CHAP /PAP 



******** 



Route= IP 



Edit IP= No 
Telco Option: 

Allocated Budget (min) = 0 

Period (hr) = 0 

Sc hedules= 1,3,4 

< ^^TSTaiied-Up Connection- 0 



Session Options: 

Edit Filter Sets= No 
Idle Timeout (sec) = 100 



Press ENTER to Confirm or ESC to Cancel: 



Figure 14-3 Applying Schedule Sets to a Remote Node Example (PPPoE Encapsulation) 

You can apply up to four schedule sets, separated by commas, for one remote node. Enter the schedule set 
numbers for specific remote nodes in the Schedules field. In the examples, shown previously and next, 
schedule sets 1, 3 and 4 are applied. 



Menu 11.1 - Remote Node Profile 



Rem Node Name- ChangeMe 
Active^ Yes 

_JLns*pfauldlluii- Pt'lt 1 

Service Type- Standard 

Service Name= 

Outgoing : 
Rem Login- 

Rem Password^ ******** 
Athen= CHAP/PAP 

PPTP : 

My IP Addr= 
Server IP Addr= 
Connection ID/Name- 
Authen= CHAP /PAP 



Route= IP 



Edit IP= No 
Telco Option: 

Allocated Budget (min) = 0 

Period (hr) = 0 

Sched ules^ 1,3, 4 
^N^iled-Up Connecti^Tr^O 

Session Options: 

Edit Filter Sets= No 
Idle Timeout (sec) = 100 



Press ENTER to Confirm or ESC to Cancel: 



Figure 14-4 Applying Schedule Sets to a Remote Node Example (PPTP Encapsulation) 
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Part IV: 



Troubleshooting and Additional Information 

This section contains a troubleshooting chapter, some appendices and an index. 
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Chapter 15 
Troubleshooting 

This chapter covers the potential problems and possible remedies. After each problem description, 
some instructions are provided to help you to diagnose and to solve the problem. 

15.1 Problems Starting Up the Prestige 



Table 15-1 Troubleshooting the Start-Up of your Prestige 



PROBLEM 


CORRECTIVE ACTION 


None of the LEDs are on 
when I turn on the Prestige 


Check the connection between the power adapter and the Prestige. 

If the error persists, you may have a hardware problem. In this case, you 
should contact your vendor. 


Cannot access the Prestige 
via the console port. 


1. Check to see if the Prestige is connected to your computer's serial port. 


2. Check to see if the 
communications 
program is configured 
correctly. The 
communications 
software should be 
configured as follows: 


VT100 terminal emulation 


9600 bps is the default speed on leaving the factory. 
Try other speeds in case the speed has been 
changed. 


No parity, 8 data bits, 1 stop bit, data flow set to 
none. 



15.2 Problems with the LAN Interface 

Table 15-2 Troubleshooting the LAN Interface 



PROBLEM 


CORRECTIVE ACTION 


Cannot access the Prestige. 


Verify that the Prestige Uplink button is in the correct position and 
that you are using the correct Ethernet cable. 


Cannot ping any computer on the 
LAN. 


Check the 10M/100M LEDs on the front panel. One of these LEDs 
should be on. If they are both off, check the cables between your 
Prestige and hub or the station. 


Verify that the IP addresses and subnet mask are consistent 
between the Prestige and computers. 
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15.3 Problems with the WAN Interface 



Table 15-3 Troubleshooting the WAN interface 



PROBLEM 


CORRECTIVE ACTION 


Cannot get WAN IP address from 
the ISP. 


The WAN IP address is provided when the ISP recognizes the user 
as an authorized user after verifying the MAC address or Host Name 
or User ID. 

Find out the verification method used by your ISP. 


If the ISP checks the LAN MAC address, tell the ISP the WAN MAC 
address of the Prestige. The WAN MAC can be obtained from menu 
24.1. 

In case the ISP does not allow you to use a new MAC, you can clone 
the MAC from the LAN as the WAN MAC and send it to the ISP 
using Menu 2 — WAN Setup. We recommend you configure this 
menu anyway even if your ISP presently does not require MAC 
address authentication. 


If the ISP checks the Host Name, enter host name in the System 
Name field in Menu 1 — General Setup when you connect the 
Prestige to a cable/xDSL modem. 


If the ISP checks the User ID, make sure that you have entered the 
correct Service Type, user name (in the My Login field) and 
password (in the My Password field) in Menu 4 — Internet Access 
Setup. 


Cannot connect to a remote node 
or ISP. 


Check menu 24.1 to verify the line status. Contact your service 
provider if your line remains down. 



15.4 Problems with Internet Access 

Table 15-4 Internet Access 



PROBLEM 


CORRECTIVE ACTION 


Cannot access the 
Internet. 


Connect your cable/xDSL modem with the Prestige using appropriate cable. 

Check with the manufacturer of your Cable/xDSL modem about the cable 
requirement because some devices require a crossover cable and others a 
straight-through cable. 


Verify your settings in menu 3.2 and menu 4. 
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15.5 Problems with the Password 

Table 15-5 Troubleshooting the Password 



PROBLEM 


CORRECTIVE ACTION 


Cannot access the 
Prestige. 


The Password field is case sensitive. Make sure that you enter the correct 
password using the proper casing. 


If you forget your password you will need to restore the factory default 
configuration file. This will restore all of the factory defaults including the 
password. Refer to the Firmware and Configuration Maintenance chapter. 



15.6 Problems with Remote Management 

Table 15-6 Troubleshooting Remote Management 



PROBLEM 


CORRECTIVE ACTION 


Cannot access the 
Prestige from the 
LAN or WAN. 


Refer to the Remote Management Limitations section of the Remote Management 
chapter for scenarios that may disallow remote management. 


When NAT is enabled: 

> Use the Prestige's WAN IP address when configuring from the WAN. 

> Use the Prestige's LAN IP address when configuring from the LAN. 


Refer to section 15.2 for instructions on checking your LAN connection. 


Refer to section 15.3 for instructions on checking your WAN connection. 
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Appendix A 
TCP/IP 

All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Use straight-through 
Ethernet cables to connect your computer's Ethernet adapter to a hub or switch and to connect the hub or 
switch to the Prestige's LAN port. Otherwise, connect your computer's Ethernet adapter directly to the LAN 
port with a crossover Ethernet cable. 

Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of 
UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. 
Windows 3.1 requires the purchase of a third-party TCP/IP application package. 

TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS 7 and later 
operating systems. 

After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to 
"communicate" with your network. 

Setting up Your Windows 95/98/Me Computer 

Installing TCP/IP Components 

1. Click Start, Settings, Control Panel and double -click the Network icon. 

The Network window Configuration tab displays a list of installed components. You need a network 
adapter, the TCP/IP protocol and Client for Microsoft Networks. 

If you need the adapter: 

a. In the Network window, click Add. 

b. Select Adapter and then click Add. 

c. Select the manufacturer and model of your network adapter and then click OK. 
If you need TCP/IP: 

a. In the Network window, click Add. 

b. Select Protocol and then click Add. 

c. Select Microsoft from the list of manufacturers. 

d. Select TCP/IP from the list of network protocols and then click OK. 
If you need Client for Microsoft Networks: 

a. Click Add. 
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b. Select Client and then click Add. 

c. Select Microsoft from the list of manufacturers. 

d. Select Client for Microsoft Networks from the list of network clients and then click OK. 

e. Restart your computer so the changes you made take effect. 
Configuring TCP/IP 

1 . In the Network window Configuration tab, select your network adapter's TCP/IP entry and click 
Properties. 

2. Click the IP Address tab. 

• If your IP address is dynamic, select Obtain an IP address automatically. 

• If you have a static IP address, select Specify an IP address and type your information into the IP 
Address and Subnet Mask fields. 

3 . Click the DNS Configuration tab. 

• If you do not know your DNS information, select Disable DNS. 

• If you know your DNS information, select Enable DNS and type the information in the fields below 
(you may not need to fill them all in). 

4. Click the Gateway tab. 

• If you were not given a gateway IP address, remove previously installed gateways. 

• If you have a gateway IP address, type it in the New gateway field and click Add. 

5. Click OK to save and close the TCP/IP Properties window. 

6. Click OK to close the Network window. Insert the Windows CD if prompted. 

7. Turn on your Prestige and restart your computer when prompted. 
Verifying TCP/IP Properties 

1 . Click Start and then Run. 

2. In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. 

3. Select your network adapter. You should see your computer's IP address, subnet mask and default 
gateway. 
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Setting up Your Windows NT/2000 Computer 

Configuring TCP/IP 

1. Click Start, Settings, Network and Dial-up Connections and right-click Local Area Connection or 

the connection you want to configure and click Properties. 

2. Select Internet Protocol (TCP/IP) (you may need to scroll down) and click Properties. 

3. The Internet Protocol TCP/IP Properties window opens. 

• If your IP address is dynamic, click Obtain an IP address automatically. 

• If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet 
mask, and Default gateway fields. 

4. In the Internet Protocol TCP/IP Properties window: 

• Click Obtain DNS server automatically if you do not know your DNS server IP address(es). 

• If you know your DNS server IP address(es), type them in the Preferred DNS server and 
Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and 
then the DNS tab to order them. 

5. Click Advanced: 

• If you do not know your gateway's IP address, remove any previously installed gateways in the IP 
Settings tab and click OK. 

6. Click OK to save and close the Internet Protocol (TCP/IP) Properties window. 

7. Click OK to close the Local Area Connection Properties window. 

8. Turn on your Prestige and restart your computer (if prompted). 
Verifying TCP/IP Properties 

1. Click Start, Programs, Accessories and then Command Prompt. 

2. In the Command Prompt window, type "ipconfig" and then press [ENTER]. The window will display 
information about your connection-specific DNS suffix, IP Address, Subnet Mask and Default Gateway. 

Setting up Your Windows XP Computer 

Configuring TCP/IP 

1. Click start, Control Panel, Network and Internet Connections and then Network Connections. 

2. Right-click the network connection you want to configure and then click Properties. 

3. Under the General tab, select Internet Protocol (TCP/IP) (you may need to scroll down) and click 
Properties. 
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4. The Internet Protocol TCP/IP Properties window opens. 

• If you have a dynamic IP address click Obtain an IP address automatically. 

• If you have a static IP address click Use the following IP Address and fill in the IP address, 
Subnet mask, and Default gateway fields. To configure advanced static address settings for a local 
area connection, click Advanced, and do one or more of the following to configure additional IP 

addresses: 

■ In the IP Settings tab, in IP addresses, click Add. 

■ In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and 
then click Add. 

■ Repeat the above two steps for each IP address you want to add. 

■ Configure additional default gateways in the IP Settings tab by clicking Add in Default 
gateways. 

■ In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To 
manually configure a default metric (the number of transmission hops), clear the Automatic 
metric check box and type a metric in Metric. 

■ Click Add. 

■ Repeat the previous three steps for each default gateway you want to add. 

■ Click OK when finished. 

5. In the Internet Protocol TCP/IP Properties window's General tab: 

• Click Obtain DNS server address automatically if you do not know your DNS server IP 
address(es). 

• If you know your DNS server IP address(es), click Use the following DNS server addresses, type 
them in the Preferred DNS server and Alternate DNS server fields. If you have previously 
configured DNS servers, click Advanced and then the DNS tab to order them. 

6. Click OK to close the Internet Protocol (TCP/IP) Properties window. 

7. Click OK to close the Local Area Connection Properties window. 

8. Turn on your Prestige and restart your computer (if prompted). 
Verifying TCP/IP Properties 

1. Click Start, All Programs, Accessories and then Command Prompt. 

2. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open 
Network Connections, right-click a network connection, click Status and then the Support tab. 
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Setting up Your Macintosh Computer 
Configuring TCP/IP Properties 

1 . Click the Apple menu, Control Panel and double -click TCP/IP to open the TCP/IP Control Panel. 

2. Select Ethernet from the Connect via list. 

3. For dynamically assigned settings, select Using DHCP Server from the Configure: list. 

4. For statically assigned settings, do the following: 

a. From the Configure box, select Manually. 

b. Type your IP Address in the IP Address box. 

c. Type your Subnet mask in the Subnet mask box. 

d. Type the IP address of your Prestige in the Router address box. 

5. Close the TCP/IP Control Panel. 

6. Click Save if prompted, to save changes to your configuration. 

7. Turn on your Prestige and restart your computer (if prompted). 
Verifying TCP/IP Properties 

Check your TCP/IP properties in the TCP/IP Control Panel. 



Appendix A 



E 



Prestige 310 Broadband Sharing Gateway 



Appendix B 
PPPoE 

PPPoE in Action 

An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an 
ATM PVC (Permanent Virtual Circuit) which connects to a xDSL Access Concentrator where the PPP 
session terminates (see the next figure). One PVC can support any number of PPP sessions from your LAN. 
PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP. 

Benefits of PPPoE 

PPPoE offers the following benefits: 

1. It provides you with a familiar dial-up networking (DUN) user interface. 

2. It lessens the burden on the earners of provisioning virtual circuits all the way to the ISP on multiple 
switches for thousands of users. For GSTN (PSTN & ISDN), the switching fabric is already in place. 

3. It allows the ISP to use the existing dial-up model to authenticate and (optionally) to provide 
differentiated services. 

Traditional Dial-up Scenario 

The following diagram depicts a typical hardware configuration where the PCs use traditional dial-up 
networking. 




Diagram 1 Single-PC per Modem Hardware Configuration 
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How PPPoE Works 

The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the 
modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is 
acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP 
frames to the ISP. The L2TP tunnel is capable of carrying multiple PPP sessions. 

With PPPoE, the VC (Virtual Circuit) is equivalent to the dial-up connection and is between the modem and 
the AC, as opposed to all the way to the ISP. However, the PPP negotiation is between the PC and the ISP. 

The Prestige as a PPPoE Client 



When using the Prestige as a PPPoE client, the PCs on the LAN see only Ethernet and are not aware of 
PPPoE. This alleviates the administrator from having to manage the PPPoE clients on the individual PCs. 




Diagram 2 Prestige as a PPPoE Client Appendix C 
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Appendix C 
PPTP 

What is PPTP 

PPTP (Point -to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is 
informational only) to tunnel PPP frames. 

How can we transport PPP frames from a PC to a broadband modem over Ethernet? 

A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the 
short haul between the PC and the modem over Ethernet. For the rest of the connection, the PPP frames are 
transported with PPP over AAL5 (RFC 2364). The PPP connection, however, is still between the PC and the 
ISP. The various connections in this setup are depicted in the following diagram. The drawback of this 
solution is that it requires one separate ATM VC per destination. 



PC 




ANT 


ATM over ADSL 


ISP 







PPTP RFC 2364 
M H ^ 



PPP 

Diagram 3 Transport PPP frames over Ethernet 

PPTP and the Prestige 

When the Prestige is deployed in such a setup, it appears as a PC to the ANT (ADSL Network Termination). 

In Windows VPN or PPTP Pass-Through feature, the PPTP tunneling is created from Windows 95, 98 and 
NT clients to an NT server in a remote location. The pass-through feature allows users on the network to 
access a different remote server using the Prestige's Internet connection. In NAT mode, the Prestige is able to 
pass the PPTP packets to the internal PPTP server (i.e. NT server) behind the NAT. Users need to forward 
PPTP packets to port 1723 by configuring the server in Menu 15.2 — Server Set Setup. In the case above as 
the PPTP connection is initialized by the remote PPTP Client, the user must configure the PPTP clients. The 
Prestige initializes the PPTP connection hence, there is no need to configure the remote PPTP clients. 

PPTP Protocol Overview 

PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Cisco's Layer 2 Forwarding). 
Conceptually, there are three parties in PPTP, namely the PNS (PPTP Network Server), the PAC (PPTP 
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Access Concentrator) and the PPTP user. The PNS is the box that hosts both the PPP and the PPTP stacks 
and forms one end of the PPTP tunnel. The PAC is the box that dials/answers the phone calls and relays the 
PPP frames to the PNS. The PPTP user is not necessarily a PPP client (can be a PPP server too). Both the 
PNS and the PAC must have IP connectivity; however, the PAC must in addition have dial-up capability. 
The phone call is between the user and the PAC and the PAC tunnels the PPP frames to the PNS. The PPTP 
user is unaware of the tunnel between the PAC and the PNS. 



PPTP User 

■ 




Phone call " 


- PAC 




PPP frames 


PNS 



Diagram 4 PPTP Protocol Overview 



Microsoft includes PPTP as a part of the Windows OS. In Microsoft's implementation, the PC, and hence the 
Prestige, is the PNS that requests the PAC (the ANT) to place an outgoing call over AAL5 to an RFC 2364 
server. 

Control & PPP connections 

Each PPTP session has distinct control connection and PPP data connection. 
Call Connection 

The control connection runs over TCP. Similar to L2TP, a tunnel control connection is first established 
before call control messages can be exchanged. Please note that a tunnel control connection supports 
multiple call sessions. 

The following diagram depicts the message exchange of a successful call setup between a PC and an ANT. 



Start-Control-Connection-Request 












Start-Control-Connection-Reply 







Outgoing-Call-Request * 

* Outgoing-Call-Reply 



PPP Frames 






PPP Frames 


* 


► 



Diagram 5 Example Message Exchange between PC and an ANT 
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PPP Data Connection 

The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC 
1701, 1702). The individual calls within a tunnel are distinguished using the Call ID field in the GRE 
header. 
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Appendix D 
Example Internal SPTGEN Screens 

The following are examples of screens you see when you configure your Prestige using Internal SPTGEN. 



/ Menu 1 General Set Up 



100000000 = Configured 



100000001 = System NanVg<Str 



1 (Yes) : 



100000004 = Route IP <0 (No) 



1 (Yes) 



100000007 = Domain Name Configured <0:No | l:Yes> 



100000009 = Domain Name Manual <0:No | l:Yes> 



100000010 = Domain Name<Str> 



/ Menu 1 Configure Dynamic DNS 



101000000 = Configured <0 (No) | l(Yes)> 



101000001 = Active <0 (No) | l(Yes)> 



101000002 = Enable Wildcard <0(No) | l(Yes)> 



101000003 - Service Provider<2 : www . dyndns . org> 



101000004 = Host Name<Str> 



101000005 = Email Address<Str> 



101000006 = User Name<Str> 



101000007 = Password 



101000008 = Host IP Address 



101000009 = Last Update Time (mm/dd/yyyy) 1/1/1970 



101000010 
(Custom) > 



DDNS Server Type<0 (Dynamic) | 1 (Static) \2 



101000011 = Offline <0 (No) | 1 (Yes> 



/ Menu 2 WAN Setup 



200000014 = 
' s MAC Addr> 



Assign MAC Address by <0: default, 1 : Fake 



200000015 = Fake IP 



200000016 



/ Menu 3 . 1 General Ethernet Setup 



301000000 = Configured <0 (No) | l(Yes) | 256 (None) > 



301000001 = Input Protocol filters Set 1 



301000005 = Input device filters Set 1 



301000009 = Ouput protocol filters Set 1 



301000013 = Ouput device filters Set 1 



00:16:07:20:00:16 



= 



A <Str> or 
"string" requires 
that, after the 
"=" sign, you 
should enter 
numbers, 
letters or a 
combination of 
both. 



/ Menu 3.2 TCP/IP and DHCP Ethernet Setup 



302000000 = Configured <0(No) 



302000001 = DHCP <0 (None) 



1 (Server) 



2 (Relay) > 



302000002 = Client IP Pool Starting Address 



192.168.54.33 



302000003 = Size of Client IP Pool 



302000004 = Primary DNS Server 



202 . 132 . 154 . 1 



302000005 = Secondary DNS Server 



302000006 = Relay Server Address 



= 0.0.0.0 



302000007 = IP Address 



192 . 168 . 54 . 1 



IP Subnet Mask Bits 



These numbers 
denote applied 
filter rules 
configured in 
SMT menu 21. 
They are used 
here as 

examples only. 



302000009 = RIP Direction <0(None) | 1 (Both) | 2 (In Only) 



Appendix D 



K 



Prestige 310 Broadband Sharing Gateway 



3 (Out Only) > 




302000010 = RIP Version <0(Rip-l) 1 (Rip-2B) 2 (Rip-2M) 

> 


= 0 


302000011 = IP Multicast <0(IGMP-V2) | 1 (IGMP-Vl) 
2 (None> 


= 2 






/ Menu 3.2.1 IP Alias Setup 




302010000 = IP Address <IP Alias 1> 


= 192.168.54.100 


302010001 = IP Subnet Mask Bits 


= 24 


302010002 = RIP Direction <0(None) | 1 (Both) | 2 (In Only) 
| 3 (Out Only) > 


= 0 


302010003 = Version <0(Rip-l) 1 (Rip-2B) 2 (Rip-2M) > 


= 0 


302010004 = Incoming procotol filters Set 1 <256(None)> 


= 6 / 


302010008 = Outgoing procotol filters Set 1 <256(None)> 


= 7 / 


302010012 = IP Address <IP Alias 2> 


-0.0.0.0 / 


302010013 = IP Subnet Mask Bits 


= 0 / 


302010014 = RIP Direction <0(None) | 1 (Both) | 2 (In Only) 
3 (Out Only) > 


- 0 / 


302010015 = Version <0(Rip-l) 1 (Rip-2B) 2 (Rip-2M) > 


~ ~~o / 


302010016 = Incoming procotol filters Set 1 <256 (None) > 


= 2 5 S| / 


THOninnOn Hutrtni rn nvf>rmf-r\l ^ n 1 t- a >- (3 Cist- T t C fMnnal — 

juzuiuj^u — uutgomg procotol niters set ± <^3d viNone; > 


256J 






/ Menu 4 Internet Access Setup 




400000000 = Configured <0 (No) l(Yes)> 


= 1 


400000012 = Active <0(No) | l(Yes)> 


= 1 j 


400000013 = ISP Node <0:No | l:Yes > 


= 1 


400000001 = ISP's Name<Str> 


= TestISP 


400000014 = encapsulation^ : PPPoE 8 : ETHER 15:PPTP > 


= 8 




/ 


/ Encapsulation Ether 


/ 


400000015 = RoadRunner Type <0:Standard 10:RR TOSHIBA | 
11 :RR MANAGER> 


= 0 / 
/ 


400000016 = RoadRunner Server IP 


= 0.0.0. 0/ 


400000017 = RoadRunner User Name l<Str> 


= ras / 


400000018 = RoadRunner User Name 2<Str> 


— ^ 


400000019 = RoadRunner Password 


C- 31323334") 






/ Encapsulation PPPoE 




400000020 = PPPoE User Name l<Str> 


= N/A 


400000021 = PPPoE User Name 2<Str> 


= N/A 


400000022 = PPPoE Password 


= N/A 






/ Encapsulation PPTP 




400000023 = PPTP User Name l<Str> 


= N/A 


400000024 = PPTP User Name 2<Str> 


= N/A 


400000025 = PPTP Password 


= N/A 






/ M4 common 




400000026 = IP Address Assignment <0:Static 1: Dynamic > 


= 1 


400000027 = Ether IP Address 


= 192 .168.66.88 


400000028 = Ether IP Subnet Mask Bits 


= 24 


400000029 = Ether Gateway IP Address 


= 0.0.0.0 


400000030 = Rem Subnet Mask Bits 


= 0 


400000031 = My WAN Addr 


= 0.0.0.0 


400000032 = Rem IP Address 


= 0.0.0.0 


400000011 = Idle Timeout (sec) 


= 300 



256 denots that 
no filter is 



This is your 
Roadrunner 
password in 
ASCII format. 
This password 
is "1234' when 
3ad in clear 



L 
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400000033 = Network Address Translation <0:disable 
| 1 : Enable> 


= 1 


400000034 = NAT Selection <255: SUA 1 : NAT set 1 > 


= 255 






/ Menu 23.1 - System Security - Change Password 




2301000001 = Root Password 


^ = 31323334 ) 



This is your 
password in 
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Appendix E 
Boot Commands 

The BootModule AT commands execute from within the router's bootup software, when debug mode is 
selected before the main router firmware (ZyNOS) is started. When you start up your Prestige, you are given 
a choice to go into debug mode by pressing a key at the prompt shown in the following screen. In debug 
mode you have access to a series of boot module commands, for example ATUR (for uploading firmware) 
and ATLC (for uploading the configuration file). These are discussed in the Firmware and Configuration 
Maintenance chapter of this User's Guide. 



Bootbase Version: V2 . 02 | 10/11/2002 13:58:03 i 

RAM: Size = 8192 Kbytes 

DRAM Post: Testing: 8192K OK 

FLASH: Intel 16M 

ZyNOS Version: V324\wa0b05 | 3/5/2001 18:00:34 
Press any key to enter debug mode within 3 seconds. 

Diagram 6 Option to Enter Debug Mode 

Enter ATHE to view all available Prestige boot module commands as shown in the next screen. ATBAx 
allows you to change the console port speed. The x denotes the number preceding the colon to give the 
console port speed following the colon in the list of numbers that follows; for example, ATBA3 will give a 
console port speed of 9600 Kbps. ATSE displays the seed that is used to generate a password to turn on the 
debug flag in the firmware. The ATSH command shows product related information such as boot module 
version, vendor name, product model, RAS code revision, etc. ATGO allows you to continue booting the 
system. Most other commands aid in advanced troubleshooting and should only be used by qualified 
engineers. 



N 
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Debug 


Command Listing ======= 


AT 


j ust answer OK 


ATHE 


print help 


ATBAx 


change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k 


ATENx, (y) 


set Boot Ext ens ion Debug Flag (y=pas sword) 


ATSE 


show the seed of password generator 


ATTI (h, m, s ) 


change system time to hour:min:sec or show current time 


ATDA ( y , m , d ) 


change system date to year/month/day or show current date 


ATDS 


dump RAS stack 


ATDT 


dump Boot Module Common Area 


ATDUx , y 


dump memory contents from address x for length y 


ATRBx 


display the 8 -bit value of address x 


ATRWx 


display the 16 -bit value of address x 


ATRLx 


display the 3 2 -bit value of address x 


ATGO (x) 


run program at addr x or boot router 


ATGR 


boot router 


ATGT 


run Hardware Test Program 


ATRTw , x , y ( , z ) 


RAM test level w, from address x to y (z iterations) 


ATSH 


dump manufacturer related data in ROM 


i-ii jjua , y 


download from address x for length y to PC via XMODEM 


ATTD 


download router configuration to PC via XMODEM 


ATUR 


upload router firmware to flash ROM 


ATLC 


upload router configuration file to flash ROM 


ATXSx 


xmodem select: x=0 : CRC mode (default) ; x=l: checksum mode 


ATSR 


system reboot 



Diagram 7 List of Debug Commands 
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Appendix F 
Power Adapter Specifications 



NORTH AMERICAN PLUG STANDARDS 


AC Power Adapter Model 


MW48-1201200 


AD48-1201200DUY 


Input Power 


AC120Volts/60Hz/22W 


AC120Volts/60Hz/0.25A 


Output Power 


DC12Volts/1.2A 


DC12Volts/1.2A 


Power Consumption 


9 W 


9 W 


Safety Standards 


UL, CUL (UL1310, CSA C22.2 No. 233-M91) 


EUROPEAN PLUG STANDARDS 


AC Power Adapter Model 


AD-1201200DV 


JAD-121200E 


Input Power 


AC230Volts/50Hz/0.2A 


AC230Volts/50Hz 


Output Power 


DC12Volts/1.2A 


DC12Volts/1.2A 


Power Consumption 


9 W 


9 W 


Safety Standards 


TUV, CE (EN 60950) 




UNITED KINGDOM 


JAPANESE 
PLUG STANDARDS 


AC Power Adapter Model 


AD-1201200DK 


JOD-48-1124 


Input Power 


AC230Volts/50Hz/0.2A 


AC100Volts/ 50/60Hz/ 27VA 


Output Power 


DC12Volts/1.2A 


DC12Volts/1.2A 


Power Consumption 


9 W 


9 W 


Safety Standards 


TUV, CE (EN 60950, BS7002) 


T-Mark (Japan Dentori) 


AUSTRALIAN AND NEW ZEALAND PLUG STANDARDS 


AC Power Adapter Model 


AD-1201200DS or AD-121200DS 


Input Power 


AC240Volts/50Hz/0.2A 


Output Power 


DC12Volts/1.2A 


Power Consumption 


9 W 


Safety Standards 


NATA (AS 3260) 



p 
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Appendix G 
Hardware Specifications 



SPECIFICATIONS 


Power Specification 


l/P AC 120V / 60Hz ; O/P DC 12V 1200 mA 


MTBF 


100000 hrs 


Operation Temperature 


0° C ~ 40 degrees Celecius 


Ethernet Specification for WAN 


10Mbit Half/ Full Manual Setting 


Ethernet Specification for LAN 


10/100 Mbit Half / Full Auto-negotiation 


Console Port RS-232 


Pin 1 = NON ; Pin 2 = DTE-RXD; Pin 3 = DTE-TXD; Pin 4 = DTE-DTR; 
Pin 5 = GND; Pin 6 = DTE-DSR; Pin 7 = DTE-RTS; Pin 8 = DTE-CTS; 
PIN 9 = NON. See figure below. 




Pin1 



Pin 6 



Diagram 8 Pin Numbering 



WAN/LAN CABLE PIN LAYOUT 


STRAIGHT-THROUGH 


CROSSOVER 


(Switch) (Adapter) 
1 IRD + 1 OTD + 
? IRD - ? DTD - 

3 OTD + 3 IRD + 

6 OTD - 6 IRD - 


(Switch) (Switch) 

1 IRD + \^ 1 IRD + 

2 IRD - ^^^^>^^^^_ 2 IRD - 

3 OTD + ^ 3 0TD + 

6 OTD- ^ 6 OTD - 
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